MikroTik Updated MTCNA Exam Questions and Answers by zidane

TheMAC layer (Media Access Control)is asub-layerof theData Link Layer, which is known asLayer 2in theOSI (Open Systems Interconnection) model. This layer is responsible for the delivery of frames between devices on the same local network. The MAC sub-layer controls how a device on the network gains access to the medium and permission to transmit data.

Extract fromRené Meneses MTCNA Study Guide – OSI Model Section:

"The MAC layer, or Media Access Control, is part of Layer 2 (Data Link Layer) in the OSI model. It handles physical addressing and access to the medium, such as Ethernet. MAC addresses are used at this level to identify source and destination interfaces in the same network segment."

Extract fromTerry Combs MTCNA Notes – OSI Layers Overview:

"Layer 2 is the Data Link Layer and contains two sublayers: LLC (Logical Link Control) and MAC (Media Access Control). The MAC sub-layer is the portion that directly interacts with the network interface and is responsible for MAC addressing and frame delivery."

Extract fromMikroTik Wiki – OSI Model & MAC Addressing Section:

"MAC addresses operate at Layer 2 of the OSI model. This layer is responsible for node-to-node data transfer, framing, and access control using MAC addresses."

Breakdown of Each Option:

A. Layer 2✅✔Correct — The MAC layer is a sublayer ofLayer 2(Data Link Layer).

B. Layer 1❌✘Incorrect — This is thePhysical Layer, responsible for transmission of raw bits, not MAC addressing.

C. Layer 6❌✘Incorrect — This is thePresentation Layer, which handles data format translation, not networking functions.

D. Layer 7❌✘Incorrect — This is theApplication Layer, used by end-user software like browsers or email clients.

E. Layer 3❌✘Incorrect — This is theNetwork Layer, responsible for logical addressing and routing using IP addresses, not MAC.

To configure a MikroTik wireless interface as a basic access point (AP), the minimum required parameters are:

Mode → Must be set to ap-bridge or bridge

SSID → Defines the wireless network name to broadcast

Band → Determines which frequency ranges are used (e.g., 2.4GHz b/g/n or 5GHz a/n/ac)

Frequency → Specifies the actual channel used for broadcasting

Options reviewed:

A. radio name →✘Optional. A cosmetic label used to identify the radio in Winbox.

B. scan-list →✘Optional. Used to define which frequencies the interface should scan.

C.✔Required

D.✔Required

E.✔Required

F. DFS mode →✘Optional and auto-configured based on regulatory domain.

G. WDS →✘Only needed for bridging or extending networks.

Extract from Official MTCNA Course Material – Wireless Configuration:

“The minimal settings to enable an Access Point include: mode, SSID, band, and frequency. Without these, the interface won’t broadcast.”

Extract from René Meneses Study Guide – Wireless Basics:

“To turn on an AP: Set the mode to ap-bridge, define SSID, band, and frequency. Other settings are optional or advanced.”

Extract from Terry Combs Notes – Wireless Setup:

“Essential: mode, frequency, SSID, band. Others like WDS and DFS are situational.”

===========

Both ping and traceroute are diagnostic tools used to test connectivity and network path behavior. While both use IP as the transport layer, they rely on specific protocols:

Ping uses ICMP Echo Request and Echo Reply messages.

Traceroute typically uses UDP packets with increasing TTL (Time-To-Live) values to discover each hop.

On MikroTik devices, ping uses ICMP and traceroute uses UDP by default (though ICMP traceroute is also available in some implementations).

A. DHCP is unrelated. It's a protocol for IP address assignment.

B. IP is a network-layer protocol underlying ICMP and UDP, but it's not the specific diagnostic protocol.

C. TCP is a connection-oriented protocol, not used for ping/traceroute.

D. Correct. ICMP is the protocol behind ping.

E. Correct. UDP is used by default in traceroute to trigger ICMP Time Exceeded messages from routers.

Extract from Official MTCNA Course Material – Tools Section:

“Ping uses the ICMP protocol to send Echo Request and receive Echo Reply. Traceroute sends UDP packets with incremented TTL values to discover intermediate hops.”

Extract from René Meneses Study Guide – Diagnostic Tools:

"Traceroute in RouterOS sends UDP packets to a random port. Routers that receive the packet send ICMP Time Exceeded messages back when TTL expires. Ping uses ICMP directly."

Extract from MikroTik Wiki – Ping and Traceroute:

“Ping uses ICMP protocol. Traceroute sends UDP packets, increasing TTL by one for each hop.”

The log action in MikroTik's firewall does not block or drop packets. Instead, it generates a log entry for packets that match the rule and passes the packet to the next rule in the chain. It is used for monitoring, debugging, or auditing network behavior.

MTCNA Official Course Material – Firewall Filters:

“The action 'log' creates a log entry when a packet matches the rule. It does not terminate or alter the packet's flow. The packet continues to be processed by subsequent rules.”

René Meneses MTCNA Study Guide – Firewall Logging:

“Log action is used to generate logs for matched packets. It does not block or modify traffic.”

MikroTik Wiki – Firewall Actions:

“log – This action writes matching packets to the log. Logging rules have no effect on the packet’s behavior.”

Hence, Option D is correct: It logs the packet, nothing more.

Final Answer: DQUESTION NO: 86 [Firewall]

Which of the following is true for connection tracking?

A. Connection tracking must be enabled for NAT'ed network

B. Enabling connection tracking reduces CPU usage in RouterOS

C. Disable connection tracking for mangle to work

D. Connection tracking must be enabled to be able to use all firewall features

Answer: D

Connection tracking (conntrack) is a feature that enables RouterOS to monitor and manage the state of all network connections passing through the router. It is essential for features like NAT, stateful firewalling, and proper use of mangle and filter rules.

MTCNA Course Material – Connection Tracking:

“Most firewall and NAT functionality depends on connection tracking being enabled. Without connection tracking, many features (like NAT) won’t function properly.”

René Meneses MTCNA Study Guide – Firewall Section:

“Connection tracking is required for NAT and most firewall filters. When disabled, connection-state-based filtering or NAT is not possible.”

Terry Combs MTCNA Notes – Conntrack Section:

“Conntrack must be enabled to use full firewall capabilities, including NAT and filtering by connection states like established and related.”

Option A is partially true but not complete.

Option B is incorrect – conntrack may increase CPU load due to session tracking.

Option C is incorrect – mangle rules often depend on connection marks which require conntrack.

Only Option D accurately captures the critical requirement of connection tracking.

Final Answer: DQUESTION NO: 87 [RouterOS Introduction]

Which of the following keystrokes enables safe mode in console?

A. Ctrl+x

B. Ctrl+c

C. Ctrl+d

D. Ctrl+s

Answer: D

Safe Mode in MikroTik CLI is a protective mode that helps revert any unintended changes if you get disconnected. It is activated by pressing Ctrl+X in older versions, but the current standard keybinding for enabling safe mode is Ctrl+S.

MTCNA Course Material – Safe Mode:

“To enable safe mode in the terminal, press Ctrl+S. A confirmation [Safe Mode] will appear in the prompt. If the terminal is closed or disconnected, the changes are rolled back.”

René Meneses MTCNA Study Guide – Terminal Commands:

“Safe Mode can be activated using Ctrl+S. This is useful during remote configuration. It reverts changes if the terminal is closed.”

MikroTik Wiki – Safe Mode Section:

“To enter safe mode, press Ctrl+S in CLI. This ensures configuration rollback if disconnected.”

Other options:

Ctrl+C terminates commands or CLI input

Ctrl+X may not activate safe mode in newer versions

Ctrl+D is used to log out in some Unix-like terminals

Correct answer: Ctrl+S

Final Answer: DQUESTION NO: 88 [Wireless]

Select minimal set of software packages in RouterOS required to configure a wireless AP:

A. Wireless

B. advanced-tools

C. dhcp

D. routing

E. system

Answer: A

To configure a wireless access point (AP) in RouterOS, the only required software package is wireless. All other functionalities like DHCP or routing are optional depending on the network setup. The system package is always present and not removable, so it's not listed as a required dependency in package selection.

MTCNA Course Material – Wireless Configuration Basics:

“Wireless functionality is provided by the wireless package. Without it, no wireless interfaces are present or configurable.”

René Meneses MTCNA Guide – Wireless Module:

“Only the wireless package is required to configure an AP. DHCP is used optionally for IP address assignment.”

MikroTik Wiki – Packages:

“The wireless package is responsible for enabling WLAN interfaces and features such as AP mode, client mode, and security.”

Other packages:

advanced-tools: includes tools like bandwidth-test and traffic generator

dhcp: only needed if the router is issuing IPs

routing: required for static/dynamic routing but not AP setup

Only Option A is required.