Which firewall chain should you use to filter SSH access to the router itself?
Correct Answer: B
SSH access to the router targets the router itself. Therefore, any packets destined for the router (for example, to TCP port 22) are evaluated in the input chain of the firewall. Evaluation: * A. output ##For packets originating from the router, not to it. * B.#input # Correct - handles traffic destined for the router (like SSH, Winbox, etc.) * C.#prerouting # Used for NAT and mangle operations, not filtering * D.#forward # Used for traffic routed through the router (not for router itself) MTCNA Firewall Section - Chain Functions: "SSH access to the router is incoming traffic. Use input chain to filter or allow it." Rene Meneses Guide - Access Protection: "input chain is responsible for traffic to the router's IP - block/allow SSH, Winbox, etc." Terry Combs Notes - Firewall Management: "Always use input chain for filtering incoming management protocols like SSH."
Question 42
Mark the queue types that are available in RouterOS
Correct Answer: A,C,E,F
MikroTik RouterOS offers several queuing types under /queue type. These queuing algorithms manage how packets are buffered and sent, affecting fairness, delay, and throughput. Available queue types in RouterOS: * SFQ (Stochastic Fairness Queuing)# * FIFO (First In First Out - for bytes or packets)# * PCQ (Per Connection Queuing)# * RED (Random Early Detection/Drop)# Unavailable queue types: * DRR#- Not supported by RouterOS * LIFO#- Not supported; not suitable for networking queues Extract from Official MTCNA Course Material - Queue Types: "RouterOS supports PCQ, SFQ, RED, FIFO, and more. DRR and LIFO are not implemented." Extract from Rene Meneses MTCNA Study Guide - Traffic Management: "Only PCQ, FIFO, SFQ, RED are listed under /queue type. DRR and LIFO do not appear in the supported list." Extract from MikroTik Wiki - Queue Types: "Supported types include FIFO, PCQ, RED, and SFQ. Each has specific use cases for latency or fairness."
Question 43
Where is a hub specified in the OSI model?
Correct Answer: B
A hub is a simple Layer 1 (Physical Layer) device that does not understand MAC addresses or IP addresses. It simply repeats electrical signals to all connected ports without inspection or filtering. MTCNA Course Material - OSI Layer Device Roles: "Hubs operate at the Physical Layer. They do not process frames or packets and function purely as repeaters." Rene Meneses MTCNA Study Guide - OSI Devices: "Hubs are Layer 1 devices. They send bits - not frames - and have no concept of MAC addresses." Other options: * A: Session layer is Layer 5, handles sessions between applications * C: Switches/bridges operate at the Data Link layer (Layer 2) * D: Application layer (Layer 7) is for user-level software like HTTP, FTP, etc.
Question 44
What command will display the line, protocol, DLCI, and LMI information of an interface?
Correct Answer: C
In Cisco IOS, to display detailed Frame Relay virtual circuit information, including the line status, protocol status, DLCI (Data Link Connection Identifier), and LMI (Local Management Interface) details, the correct command is: show frame-relay pvc Cisco IOS Command Reference - Frame Relay: "The show frame-relay pvc command displays information about PVC status, including DLCI numbers and LMI statistics." Breakdown: * A: sh pvc - shorthand and ambiguous, may not be recognized * B: show interface - general interface stats but lacks detailed LMI/DLCI info * C: show frame-relay pvc -#correct, provides detailed DLCI/LMI info * D: show run - shows current configuration, not real-time PVC status
Question 45
A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address on gateway. When the PC Ethernet card failed, the user changed it with a new card and set the same IP for it. What else should be done? [multiple answers]
Correct Answer: A,C
When static ARP is configured, the router explicitly binds an IP address to a specific MAC address. This means: * If the MAC address of the device changes (as it does when a new network card is installed), and the IP remains the same, the router will not allow the device to communicate, because the MAC address in the ARP table no longer matches the new hardware. Options explained: * A.#Correct. The old ARP entry must be updated to reflect the new MAC address if the IP is reused. * B.#Incorrect. The communication will fail if the ARP table still holds the outdated MAC for that IP. * C.#Correct. Alternatively, if the new NIC supports MAC address modification, setting the MAC address to match the old one would make the static ARP entry valid again. * D.#Incorrect. There's no need to change the IP if the static ARP entry is updated. Extract from Official MTCNA Course Material - ARP Section: "Static ARP entries tie IPs to MAC addresses. If the MAC changes but the static ARP entry remains unchanged, the device cannot communicate with the router." Extract from Rene Meneses MTCNA Study Guide - ARP: "When using static ARP, any MAC change must be reflected in the router's ARP table; otherwise, packets will be dropped." Extract from MikroTik Wiki - ARP Modes: "Static entries require matching MAC addresses. If the client's MAC changes, the ARP table must be updated or communication will fail."
