What wireless card can we use to achieve 100 Mbps actual wireless throughput?
802.11 b/g
802.11 a/b/g
802.11 a
802.11 a/n
802.11 a/b/g/n
To achieve actual throughput of 100 Mbps, you must use 802.11n, which supports higher data rates through technologies such as MIMO (Multiple Input, Multiple Output) and channel bonding. 802.11n provides theoretical speeds up to 150 Mbps per stream and actual throughput above 100 Mbps under good conditions.
802.11a/b/g maxes out around 20–25 Mbps real throughput
802.11n (especially in 5 GHz band via 802.11a/n) is required to exceed 100 Mbps actual throughput
MTCNA Course Material – Wireless Standards and Data Rates:
“802.11n with proper channel width and MIMO can achieve over 100 Mbps of real throughput.”
René Meneses MTCNA Study Guide – Wireless Performance:
“Only 802.11n can reach 100+ Mbps in practical use. Legacy modes (a/b/g) fall short due to modulation limits.”
Breakdown:
A/B/C: Do not support 100 Mbps throughput
D:✔802.11a/n supports 100+ Mbps
E: While also valid, D is more precise for the specific requirement (focused on a/n only)
Final Answer: DQUESTION NO: 156 [Firewall – Mangle Chains]
It is possible to add user-defined chains in ip firewall mangle.
A. True
B. False
Answer: A
RouterOS allows users to define custom chains in the mangle table, giving more flexibility for organizing and managing rules. This is particularly useful in complex routing and QoS configurations.
MikroTik Wiki – Firewall Mangle:
“Custom chains can be created using the add chain=your_chain_name command. Then you can jump to them from built-in chains.”
MTCNA Course Material – Mangle & Packet Flow:
“User-defined chains help separate logic and simplify processing. You can jump into them from prerouting, forward, or postrouting.”
Final Answer: AQUESTION NO: 157 [Firewall – NAT and Redirect Actions]
Action=redirect allows you to make:
A. Transparent DNS Cache
B. Forward DNS to another device IP address
C. Enable Local Service
D. Transparent HTTP Proxy
Answer: D
In RouterOS, action=redirect is used in NAT rules to redirect traffic destined for specific ports to local services. This is often used for:
Transparent web proxy (redirect port 80 to a local proxy service)
Transparent DNS interception (if RouterOS is the DNS server)
In most practical MikroTik use cases, redirect is associated with Transparent HTTP Proxy.
MTCNA Course Material – NAT Configuration:
“action=redirect rewrites the destination address to the router’s own IP. It is commonly used to create transparent web proxies.”
MikroTik Wiki – NAT Redirect:
“Redirect is used for redirecting traffic to local services like web proxy or DNS cache on the router.”
Breakdown:
A: Possible, but limited use; DNS cache works better with dst-nat
B: Incorrect — to forward to another IP, use dst-nat
C: Misleading — enabling local services doesn't require redirect
D:✔Correct—redirect enables transparent proxy setup
Final Answer: DQUESTION NO: 158 [Routing – Automatically Created Routes]
What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface?
A. I
B. D
C. A
D. S
E. C
Answer: E
In RouterOS, when an IP address is assigned to an interface, a connected route is automatically created. These routes are marked with the letter “C” in the routing table, denoting “Connected.”
MikroTik Wiki – Routing Table Flags:
“C – directly connected routes (assigned via /ip address), added automatically when interface is active.”
MTCNA Course Material – Static vs Dynamic Routes:
“Connected (C) routes are added automatically when IP is assigned to an interface.”
Flag meanings:
C:✔Connected
S: Static
D: Dynamic
A: Active (not a route type)
I: Invalid or intermediate (not shown for connected)
Which router command allows you to view the entire contents of all access lists?
show all access-lists
show access-lists
show ip interface
show interface
The show access-lists command in Cisco IOS is used to display all configured access control entries (ACEs) in every access list, both named and numbered. This command shows the complete content, including rules and hit counters.
Cisco IOS Command Reference – Access List Monitoring:
“Use show access-lists to view the complete list of all access control entries. This includes both standard and extended lists.”
Other options:
A: Invalid command syntax
C: show ip interface shows interface-level IP settings and ACL applications, but not full ACL content
D: show interface shows status and statistics, not ACL rules
Final Answer: BQUESTION NO: 134 [Cisco IOS – Console Access Configuration]
What does the command routerA(config)#line cons 0 allow you to perform next?
A. Set the Telnet password.
B. Shut down the router.
C. Set your console password.
D. Disable console connections.
Answer: C
The command line cons 0 enters the console line configuration mode. This is used to apply settings specific to the physical console line, such as setting a login password (via password and login commands).
Cisco IOS Configuration Guide – Line Console Mode:
“Use line console 0 to configure settings for the console line, including timeouts, password security, and logging behavior.”
René Meneses Study Guide – Device Access:
“Console access configuration begins with line console 0. It is followed by login and password commands.”
Other options:
A: Telnet is configured under line vty, not console
B: Router shutdown is done with reload or shutdown commands (not here)
D: Console cannot be disabled from line cons 0
Final Answer: CQUESTION NO: 135 [Switching – Spanning Tree Protocol]
How often are BPDUs sent from a Layer 2 device?
A. Never
B. Every 2 seconds
C. Every 10 minutes
D. Every 30 seconds
Answer: B
BPDU (Bridge Protocol Data Units) are messages exchanged by switches in a Spanning Tree Protocol (STP) topology to maintain loop-free Layer 2 networks. By default, switches send BPDUs every 2 seconds.
MTCNA Course Material – STP Operation:
“Switches send BPDUs to maintain spanning tree and detect topology changes. The default transmission interval is 2 seconds.”
Cisco STP Documentation:
“BPDUs are transmitted by the root bridge and propagated every 2 seconds by default, controlled by the hello-time timer.”
Other options:
A: Incorrect — BPDUs are essential for loop prevention
C & D: Not correct — default is 2 seconds, not minutes
Final Answer: BQUESTION NO: 136 [Routing Protocols – Passive Interface Behavior]
What does the passive command provide to dynamic routing protocols?
A. Stops an interface from sending or receiving periodic dynamic updates.
B. Stops an interface from sending periodic dynamic updates but not from receiving updates.
C. Stops the router from receiving any dynamic updates.
D. Stops the router from sending any dynamic updates.
Answer: B
In dynamic routing (e.g., RIP, OSPF, EIGRP), the passive-interface command stops routingadvertisements (outgoing updates) from being sent through the specified interface. However, the router still listens for incoming routing updates.
Cisco IOS Configuration Guide – Passive Interface:
“The passive-interface command prevents routing updates from being sent on an interface, while still allowing updates to be received.”
René Meneses MTCNA Guide – Passive Mode:
“It suppresses sending routing advertisements but does not block receiving updates on that interface.”
Other options:
A: Incorrect — it does not block receiving
C: Incorrect — it applies to interfaces, not globally
D: Also incorrect — it does not block all updates
Final Answer: B
────────────────────────────────────────────────────────────
MikroTik RouterOS commands can be run once a day by:
/system watchdog
/system cron
/system scheduler
MikroTik RouterOS uses the /system scheduler to execute scripts or commands at defined times or intervals. It allows for automation of tasks such as backups, reboots, updates, and more.
Evaluation:
A. /system watchdog →❌Used for hardware monitoring and rebooting if the system freezes.
B. /system cron →❌Not available in MikroTik RouterOS (RouterOS doesn’t use cron syntax).
C. /system scheduler →✅Correct. Built-in RouterOS feature for scheduled command execution.
MTCNA Course Manual – System Scheduler Section:
“Use /system scheduler to run scripts or commands at regular intervals or specific times.”
René Meneses Guide – Automating Tasks:
“Scheduler is the only built-in time-based job handler in RouterOS.”
Terry Combs Notes – Script Automation:
“RouterOS uses scheduler, not cron. Schedule by time or interval.”
Answer: CQUESTION NO: 67 [Firewall / Tools]
Where can you monitor (see addresses and ports) real-time connections which are processed by the router?
A. Firewall Connection Tracking
B. Firewall Counters
C. Tool Torch
D. Queue Tree
Answer: A
Firewall Connection Tracking (also known as conntrack) is used to monitor real-time connections that pass through the router. It shows source and destination IPs, ports, protocols, connection states (established, new, related), and more.
Let’s evaluate the options:
A.✅Correct – Shows live connection table with IPs, ports, and statuses
B.❌Shows rule match counters only — no detailed connection info
C.❌Torch shows per-interface traffic; useful for bandwidth, but not a connection list
D.❌Queue Tree is used for traffic shaping, not for viewing connections
MTCNA Course Manual – Firewall Concepts:
“Connection tracking shows all active sessions through the router with IP and port details.”
René Meneses Guide – Firewall Tools:
“Use connection tracking to diagnose connection states and NAT behavior.”
Terry Combs Notes – Monitoring Tools:
“conntrack is your real-time connection monitor. Torch is per-interface, not per-flow.”
Answer: AQUESTION NO: 68 [Wireless]
How many wireless clients can connect, when wireless card is configured to mode=bridge?
A. 1
B. 100
C. 2007
D. 2
Answer: A
In MikroTik RouterOS, if a wireless card is configured to mode=bridge (also referred to as "station-bridge"), it can only be used to connect a single client device (MAC address) behind it. This is due to limitations in how 802.11 bridges MAC addresses.
So:
A.✅Correct – Only 1 MAC address can pass via wireless bridge mode (unless using WDS or 4-address mode)
B, C →❌Too many clients for bridge mode
D.❌Incorrect – Still only one client allowed per interface in bridge mode
MTCNA Wireless Module – Wireless Modes:
“Bridge mode allows one client only unless extended bridging protocols are used.”
René Meneses Guide – Wireless Bridging:
“mode=bridge = one MAC behind the station. Use WDS for multiple MACs.”
Terry Combs Notes – Wireless Modes:
“Station-bridge mode works like Ethernet, but only supports one MAC address unless using WDS.”
Answer: AQUESTION NO: 69 [Routing]
In the Route List, the identification DAb for a route stands for:
A. direct - active - bgp
B. direct - acknowledge - backup
C. dynamic - active - backup
D. dynamic - active - bgp
Answer: D
In MikroTik RouterOS, route flags provide quick insight into how the route was created and its status:
D = Dynamic → The route was added dynamically by a protocol (like BGP, OSPF, RIP)
A = Active → This route is currently being used
b = BGP → Indicates that the route was learned via the BGP routing protocol
Therefore, DAb means:
→ D = Dynamic
→ A = Active
→ b = BGP
MTCNA Routing Section – Route Flags Explanation:
“D = dynamically added, A = currently active, b = learned via BGP.”
René Meneses Guide – Understanding Route Lists:
“DAb → dynamic + active + BGP route. Route is learned and installed via BGP.”
Terry Combs Notes – Route Symbols:
“Check the route list: b = BGP, o = OSPF, r = RIP, s = static, c = connected.”
When backing up your router by using the ‘Export’ command, the following happens:
Winbox usernames and passwords are backed up
The Export file can be edited with a standard text editor after its creation
You are requested to give the export file a name
MikroTik RouterOS supports two types of configuration backups:
/export – creates a human-readable script (.rsc file) containing configuration commands. This file can be edited using any text editor and later imported into another device.
/system backup – creates a binary image including all settings, passwords, and sensitive data.
Option analysis:
A.✘Incorrect–Export does NOT include passwords or Winbox credentials for security reasons
B.✔Correct–Exported .rsc files are plain-text and editable
C.✘Incorrect–The export file is automatically named (e.g., export.rsc) unless redirected manually
Extract from MTCNA Course Material – Backup vs Export:
"Export is a plain-text script file that can be edited and reused. It does not contain encrypted passwords or user credentials."
Extract from René Meneses MTCNA Study Guide – Backup and Restore:
“Use export to create editable configurations. It excludes sensitive data like passwords.”
Extract from Terry Combs Notes – Configuration Export:
“Export is readable, editable, and ideal for replicating setups. Passwords and some private info are excluded.”
===========
Copyright © 2021-2025 CertsTopics. All Rights Reserved
