Let’s evaluate each statement:
A.✘Incorrect – /ip firewall filter can block traffic after association/authentication but cannot directly prevent wireless authentication. Association happens before IP-level filtering.
B.✔Correct – Wireless access-list allows or denies associations based on MAC address and other parameters (signal strength, etc.).
C.✔Correct – Access-list rules can enable/disable default-forwarding per client (overriding global setting).
D.✘Incorrect – Disabling the wireless interface is not the only way. You can use access-list or disable SSID broadcast.
Extract from MTCNA Course Material – Wireless Access List:
“Access List provides client control based on MAC address. You can accept, reject, and even override default-forwarding per client.â€
Extract from René Meneses MTCNA Study Guide – Access Control:
“Wireless Access List can selectively allow or deny clients and enforce individual settings like forwarding.â€
Extract from MikroTik Wiki – Wireless Access List:
“The firewall filter is not involved in authentication. Access control must be done at the wireless layer using access-lists.â€
===========
