Cisco 300-820 Flashcards
1
Q
Which complication does a NAT introduce in SDP for a SIP call?
A. Additional headers due to NAT encapsulation can cause the packet size to exceed the MTU.
B. When the client is behind a NAT they may be unable to determine the appropriate offset due to time zones.
C. The IP address specified in the connection data field may be an unrouteable internal address.
D. The encryption keys advertised in the SDP are only valid for clients not behind a NAT.
A
C
(https://www.examtopics.com/exams/cisco/300-820/view/)
2
Q
A company already has a Cisco Unified Communications Manager for internal audio and video traffic, but it requires video communication with external partners and customers. It is important to ensure security for the deployment and the connectivity.
What must be set up to enable this requirement?
A. Cisco Unified Border Element and Cisco ASA Firewall B. Cisco Unified Border Element and Cisco Firepower Firewall C. Cisco Expressway-C and Cisco Expressway-E D. Cisco Expressway-C and Cisco Unified Border Element
A
C
3
Q
When an Expressway-E is configured for static NAT, which Session Description Protocol attribute is modified to reflect the NAT address?
A. SDP b-line B. SIP record route C. SDP c-line D. SDP m-line
A
C
4
Q
A company is installing Cisco Collaboration infrastructure and one of the requirements is that they must be able to communicate with many external parties that are using H.323 and SIP. Internally they want to register the endpoints only on SIP.
Which functionality would describe the feature that needs to be enabled and where to achieve this?
A. Interworking in Expressway-C B. Transcoding in Cisco Unified Communications Manager C. Transcoding in Expressway-C D. Interworking in Cisco Unified Communications Manager
A
A
5
Q
What is a key configuration requirement for Hybrid Message Service High Availability deployment with multiple IM and Presence clusters?
A. You must have the Intercluster Sync Agent working across your IM and Presence clusters. B. You must have the Intercluster Lookup Service working across all of your IM and Presence clusters. C. Your IM and Presence Service clusters must have Multiple Device Messaging disabled. D. AXL service should be activated only on the publisher of each IM and Presence cluster.
A
A
The Cisco Sync Agent must be running on the database publisher node of each intercluster peer on the local and remote IM and Presence database publisher nodes
6
Q
Cisco Collaboration endpoints are exchanging encrypted signaling messages.
What is one major complication in implementing NAT ALG for voice and video devices?
A. Internal endpoints cannot use addresses from the private address space. B. The NAT ALG cannot inspect the contents of encrypted signaling messages. C. NAT ALG introduces jitter in the voice path. D. Source addresses cannot provide the destination addresses that remote endpoints should use for return packets.
A
B
The NAT ALG cannot inspect the contents of encrypted signaling message - https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab11/collab11/security.html
7
Q
What are two reasons why port 8443 is unreachable from the Internet to the Expressway-E? (Choose two.)
A. The MRA license is missing on the Expressway-E. B. The Unified Communications zone is down. C. Transform is not configured on Expressway-E. D. The SRV record for _cisco-uds is misconfigured. E. The firewall is blocking the port.
A
D E
8
Q
Which media encryption mode can be configured on an Expressway zone?
A. Advanced Encryption Standard
B. IPsec
C. Triple Data Encryption Standard
D. force unencrypted
A
D
The encryption mode options are:
Force encrypted: All media to and from the zone/subzone must be encrypted. If the target system/endpoint is configured to not use encryption, then the call will be dropped.
Force unencrypted: All media must be unencrypted. If the target system/endpoint is configured to use encryption, then the call may be dropped; if it is configured to use Best effort then the call will fall back to unencrypted media.
Best effort: Use encryption if available, otherwise fall back to unencrypted media.
Auto: No specific media encryption policy is applied by the Expressway. Media encryption is purely dependent on the target system/endpoint requests. This is the default behavior and is equivalent to how the Expressway operated before this feature was introduced.
9
Q
What is the purpose of a transform in the Expressway server?
A. A transform has the function as a neighbor zone in the Expressway. It creates a connection with another server. B. A transform changes the audio codec when the call goes through the Expressway. C. A transform is used to route calls to a destination. D. A transform changes an alias that matches certain criteria into another alias.
A
D
10
Q
An organization with a domain name of example.com.
Which two SRV records are valid for a SIP and H.323 communication? (Choose two.)
A. _sips._tcp.example.com B. _sips._udp.example.com C. _h323ls._udp.example com D. _h323ls._tcp.example.com E. _collab-edge._tls.example.com
A
A C
11
Q
What is the Cisco-recommended key length in bits for a Cisco Expressway certificate?
A. 1024 B. 2048 C. 4096 D. 8192
A
C
SIP TLS zones may fail to become active if certificates use a key length of 8192 bits. We recommend using certificates with a key length of 4096 bits.
12
Q
(\d{3})(\d{3})(\d{3})(\d{3})
Refer to the exhibit. Which two numbers match the regular expression? (Choose two.)
A. d20d16d20d22 B. 2091652010224 C. 209165200225 D. d209d165d200d224 E. 209165200224
A
C E
13
Q
A company has enabled ICE to optimize call flows and improve video quality between their Cisco Collaboration endpoints internally and externally.
For which reason would you see activity on the TURN server when a call is established between two external endpoints?
A. The video call is using encryption, which is not supported by ICE with CUCM 12.5 B. ICE cannot reduce the packet loss on the link C. A STUN cannot punch holes in the firewall D. The video call is using 4K resolution, which is not supported by ICE with CUCM 12.5
A
C
The answer is C “Those addresses (A, B, and C) populate the SIP SDP offer and answer as ICE candidates, and after the signaling has gone through, both endpoints will have the remote party ICE candidate addresses. It is at that point that the endpoints do a connectivity check by sending STUN messages to one another in an attempt to punch transport holes in the firewalls in order to establish media connectivity between peers.”
14
Q
Which role does Call Policy play when preventing toll fraud on Expressways?
A. It controls which calls are allowed, which calls are rejected, and which calls are redirected to a different destination. B. It changes the calling and called number on a call. C. It changes the audio protocol used by a call through Expressways. D. It changes the audio codec used in a call through Expressways.
A
A
You can set up rules to control which calls are allowed, which calls are rejected, and which calls are to be redirected to a different destination. These rules are known as Call Policy (or Administrator Policy).
If Call Policy is enabled and has been configured, each time a call is made the Expressway will execute the policy in order to decide, based on the source and destination of the call, whether to:
* Proxy the call to its original destination.
* Redirect the call to a different destination or set of destinations.
* Reject the call.
15
Q
What happens to the encrypted signaling traffic of a collaboration device if you place it inside a firewall with private IP addresses and try to make a call over IP without any collaboration infrastructure?
A. The signaling makes it back to the endpoint because the firewall is an application layer gateway and provides address translation. B. Encrypted IP traffic for collaboration devices always is trusted by the firewall. C. The signaling does not make it back to the endpoint because the firewall cannot inspect encrypted traffic. D. The signaling makes it back to the endpoint because the endpoint sent the private address to the external endpoint.
A
C
16
Q
Which statement about scheduling Expressway backups is true?
A. It is not supported on the application. B. It is allowed from the application CLI of the Expressway only. C. It is allowed from the application CLI and GUI of the Expressway. D. It is allowed from the application GUI of the Expressway only.
A
A
17
Q
Between which two DTMF relay methods does the Expressway support interworking? (Choose two.)
A. unsolicited notify B. RFC 2833 C. KPML D. passthrough E. H.245 user input indication
A
B E
When the Expressway is interworking a call between SIP and H.323, it also interworks the DTMF signaling, but only between RFC 2833 DTMF, and the H.245 user input indicators “dtmf” and “basicString”.
18
Q
What allows endpoints behind a NAT to discover the paths through which they will pass media?
A. RTP B. TLS C. SNMP D. ICE
A
D
https://www.cisco.com/c/en/us/td/docs/solutions/PA/ICE/icepa125.html
19
Q
Which two types of information does Cisco Expressway back up? (Choose two.)
A. call records B. log files C. IP addresses D. current call states E. security certificates
A
C E
20
Q
Which connection does the traversal zone configuration define?
A. Expressway-E and Collaboration Endpoints B. Cisco UCS E-Series and Cisco UCM C. Cisco UC and Cisco Unified Presence Server D. Cisco Expressway-C and Cisco Expressway-E platforms
A
D
21
Q
Which protocol should be used to verify the connectivity for different media paths found during a call using ICE?
A. STUN B. RTP C. SNMP D. TURN
A
A
22
Q
Which SIP media encryption mode is applied by default for newly created zones in the Cisco Expressway?
A. Off B. Best Effort C. Auto D. Force Encrypted
A
C
Answer C: Auto - no specific media encryption policy is applied by the Expressway. Media encryption is purely dependent on the target system/endpoint requests. This is the default behavior and is equivalent to how the Expressway operated before this feature was introduced
23
Q
Cisco media traversal technology has enabled a secure environment where internal video endpoints call and receive calls from external video endpoints. How does the Expressway-C and Expressway-E communicate?
A. Expressway-C establishes an outgoing request to Expressway-E, enabling the Expressway-E in the DMZ to notify the internal Expressway-C of an incoming call from an external endpoint. B. Internal endpoints are registered to Expressway-E in the DMZ. Expressway-C, which is also in the DMZ, will receive and make calls on behalf of Expressway- E because they are in the same network. C. Expressway-E establishes an outgoing request to Expressway-C, enabling the Expressway-C in the DMZ to notify the internal Expressway-E of an incoming call from an external endpoint. D. Internal endpoints are registered to Expressway-C in the DMZ. Expressway-E, which is also in the DMZ, will receive and make calls on behalf of Expressway- C because they are in the same network.
A
A
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/exwy_b_mra-expressway-deployment-guide/exwy_b_mra- expressway-deployment-guide_chapter_00.html
24
Q
Which dial plan component is configured in Expressway-C to route a call to the Cisco UCM?
A. call routing B. traversal subzone C. call policy D. search rule
A
D
25
Which attribute in the SDP for a call is affected by the static NAT address configuration in an Expressway-E?
A. connection
B. name
C. version
D. bandwidth
A
26
Which describes what could done on the Expressway-E to successfully route calls from Expressway-C on the internal network to the Internet?
A. Application layer gateway could be enabled to bridge the media traffic.
B. A static NAT route could be added to the firewall to bridge the two networks.
C. The Expressway-E could be enabled for Dual-NIC capability.
D. The Expressway-E could be enabled for interworking.
C
27
Enter Exibit
What is the result of a transformation applied to alias 88514?
A. 98851@ccnpcollab.com
B. 88513@ccnpcollab com
C. 88514@ccnpcollab.com
D. 88515@ccnpcollab.com
C
28
When configuring a Cisco Expressway solution and need to design the dial plan with various rules for URIs and numbers coming through the device. To do so, it is important that some dial plan rules are applied in a certain order. When configuring the transform section, you must know the range of the priorities.
Which range is correct?
A. any number in the drop-down menu
B. any number in the dialog box
C. any number between 1-128
D. any number between 1-65534
D
29
Which zone is required on a B2B deployment between Expressway-C and Expressway-E?
A. traversal zone
B. DNS zone
C. default zone
D. neighbor zone
A
30
Which mode should be used when Call Policy is configured on Expressways?
A. extended CPL
B. local CPL, policy service, and off
C. on
D. remote CPL
B
31
When designing the call control on a Cisco Expressway Core, which is the sequence of dial plan
functions?
A. transforms, CPL, user policy, search rules
B. search rules, zones, local zones
C. DNS zone, local zone, search rules
D. search rules, transforms
A
32
Which two items are configured when deploying a B2B collaboration solution? (Choose two.)
A. SIP trunk between Cisco Unified Communications Manager and Cisco Expressway-C
B. search rules in Cisco Expressway-E
C. SIP trunk between Cisco Unified Communications Manager and Cisco Expressway-E
D. traversal client on a Cisco Expressway-E
E. DNS zone on a Cisco Expressway-C
AB
33
Which step is taken when configuring a Cisco Expressway solution?
A. Configure the Expressway-E by using a non-traversal server zone.
B. Enable static NAT on the Expressway-E only.
C. Disable H.323 mode on the Expressway-E.
D. Enable H.323 H.460.19 demultiplexing mode on the Expressway-C.
B
The Expressway-E has both NICs enabled, and static NAT enabled on its outward-facing LAN interface. The Expressway-C inside the network is a traversal client of the Expressway-E in the DMZ.
34
Refer to Exibit
When configuring a search rule that routes calls to a zone, what occurs when 13358 is dialed?
A. 13358 is replaced by 135, and then is sent to the local zone.
B. 13358 is replaced by 135 and remains in the same zone.
C. 13358 is replaced by 135, and then is sent to the traversal zone.
D. 13358 is sent directly to the traversal zone.
D
Based on Website (https://www.regextester.com/10544) there are a few options which meets this Regex:
135, 1335, 13335, 1333335
1135, 11335, 113335, 11333335
no match for 13358: D is correct
35
Refer to the exhibit. :
Refer to the exhibit. Which description of the transformation is true?
A. It converts 4123@exp-name.exp.domain: to 4123@exp.domain
B. It changes all patterns that begin with 4123@exp-name.exp.domain: to 1@exp.domain
C. It changes 413@exp-name.exp.domain: to 413@exp.domain
D. It converts 4.3@exp-name.exp.domain: to 1@exp.domain
A
4\d{3})@exp-name.exp.domain(:.*)
(4\d{3}) = 4123 Matches
End:4123@exp.domain
36
Refer to the exhibit. In an environment SIP devices are registered to CUCM and H.323 devices to VCS.
What would be required to enable these calls to setup correctly?
A. Create a presearch transform.
B. Change the domain of SIP endpoint A to cisco.com.
C. Disable SIP in the external zone.
D. Change the interworking mode to On.
D
37
Which step is required when configuring cloud and hybrid deployments for Cisco Jabber?
A. Add the Jabber user to Cisco Unity Connection.
B. Add the Jabber user to Expressway-E.
C. Add the Jabber user to Expressway-C.
D. Add Jabber Users to the Cisco Webex Administration Tool.
D
38
Which two licenses are required for the B2B feature to work? (Choose two.)
A. Traversal Server
B. TURN Relays
C. Rich Media Sessions
D. Advanced Networking
E. Device Provisioning
AC
* Rich Media Sessions: Determines the number of non-Unified Communications calls allowed on the Expressway (or Expressway cluster) at any one time. See the Call Types and Licensing section for more information.
* Traversal Server: Enables the Expressway to work as a firewall traversal server.
39
An Expressway-E is configured using a single NIC with NAT.
How must the Expressway-C traversal client zone be configured to connect to the Expressway-E?
A. TLS verify must be enabled.
B. The zone profile must be set to default.
C. The peer address must be the Expressway-E NAT address.
D. The peer address must be the Expressway-E LAN 1 IP address.
C
You must enter the FQDN of the Expressway-E, as it is seen from outside the network, as the peer address on the Expressway-C's secure traversal zone.
40
Refer to Exibit
An ISDN gateway is registered to Expressway-C with a prefix of 9 and/or it has a neighbor zone specified that routes calls starting with a 9.
Which value should be entered into the "Source" field to prevent toll fraud regardless at origin of the call?
A. Traversal Zone
B. Any
C. Neighbor Zone
D. All
B
No as possible choices at Expressway are:
Any: locally registered devices, neighbor or traversal zones, and any non-registered devices.
All zones: locally registered devices plus neighbor or traversal zones.
Local Zone: locally registered devices only.
Named: a specific zone or subzone.
41
Refer to the exhibit.
An Expressway-C and Expressway-E are configured for B2B calling and the Expressway-E zone is set to TLS Verify Currently, calls do not reach the Expressway-C. The Traversal Client zone on the Expressway-C for B2B reports the information in the exhibit for the Peer 1 address.
Which action resolves this error?
A. Configure the Expressway-C Traversal Client zone Peer 1 address with the fully qualified domain name
of the Expressway-E.
B. Configure the Expressway-C Traversal Client zone transport protocol with TCP.
C. Add a server certificate to the Expressway-C that is signed by a certificate authority.
D. Add an intermediate certificate to the Expressway-C that is signed by a certificate authority
C
42
Refer to the exhibit.
Which inbound connection should an administrator configure on the outside firewall?
A. Media: UDP 36000 to 36011
B. XMPP: TCP 5222
C. SIP: TCP 5061
D. HTTPS (tunneled over SSH between C and E): TCP 2222
B
SIP UDP: 5060
SIP TCP: 5060
SIP TLS: 5061
XMPP TCP: 5222
RTP/RTCP: 36000-59999
43
How does an administrator configure an Expressway to make sure an external caller cannot reach a
specific internal address?
A. block the call with a call policy rule in the Expressway-E
B. add the specific URI in the firewall section of the Expressway and block it
C. configure FAC for the destination alias on the Expressway
D. add a search rule route all calls to the Cisco UCM
A
44
An engineer wants to configure a zone on the Expressway-E to receive communications from the Expressway-C in order to allow inbound and outbound calls.
How is the peer address configured on the Expressway-C when Expressway-E has only one NIC enabled and is using static NAT mode?
A. Expressway-E DHCP
B. Cisco UCM FQDN
C. Cisco UCM DHCP
D. Expressway-E FQDN
D
"You must enter the FQDN of the Expressway-E, as it is seen from outside the network, as the peer address on the
Expressway-C's secure traversal zone. The reason for this is that in static NAT mode, the Expressway-E requests that
incoming signaling and media traffic should be sent to its external FQDN, rather than its private name."
45
Refer to the exhibit.
Which two outbound connections should an administrator configure on the internal firewall? (Choose two.)
A. XMPP: TCP 7400
B. SIP: TCP 7001
C. SIP TCP 5061
D. Media: UDP 36012 to 59999
E. HTTPS: TCP 8443
AB
The internal firewall must allow the following outbound connections from the Expressway-C to the Expressway-E:
SIP: TCP 7001
Traversal media: UDP 2776 to 2777 (or 36000 to 36011 for large
VM/appliance)
XMPP: TCP 7400
HTTPS (tunneled over SSH between C and E): TCP 2222
Source: Official Cert Guide
46
Refer to the exhibit.
Refer to the exhibit. The firewall has been configured from NAT 192.168.108.2 to 100.64.0.1. Which configuration changes are needed for an Expressway-E with dual network interfaces?
A:
External LAN interface:LAN 2
LAN 1 IPv4 static NAT mode:ON
LAN 1 IPv4 static address:100.64.0.1
LAN 2 IPv4 static NAT mode:ON
LAN 2 IPv4 static NAT address:100.64.0.1
B:
External LAN interface:LAN 2
LAN 2 IPv4 static NAT mode:ON
LAN 2 IPv4 static NAT address:100.64.0.1
C:
External LAN interface:LAN 1
LAN 1 IPv4 static NAT mode:ON
LAN 1 IPv4 static NAT address:100.64.0.1
D:
External LAN interface:LAN 2
LAN 1 IPv4 static NAT mode:ON
LAN 1 IPv4 static address:100.64.0.1
B
External LAN interface:LAN 2
LAN 2 IPv4 static NAT mode:ON
LAN 2 IPv4 static NAT address:100.64.0.1
47
An engineer is deploying an Expressway solution for the SIP domain Cisco.com.
Which SRV record should be configured in the public DNS to support inbound B2B calls?
A. _collab-edge._tls.cisco.com
B. _cisco-uds._tcp.cisco.com
C. _sip._tcp.cisco.com
D. _cuplogin._tcp.cisco.com
C
SIP B2B - Cisco SRV Records for business-to-business
_sips._tcp.domain 5061 TLS
_sip._tcp.domain 5060 TCP
_sip._udp.domain 5060 UDP
48
A call is sent by Cisco UCM to Expressway with a URI of 75080001@expc1a.pod8.test.lab.
If (7508…) @expc1a\.pod8\.test\.lab.* is the pattern string, what would be the replacement string of the transform in Expressway to re-write the call so that it becomes 75080001@conf.pod8.test.lab?
A. \1@conf\.pod8.test.lab.@
B. \1@conf\.pod8\.test\lab.*
C. \1@conf.pod8\.test\.lab
D. \1@conf\.pod8\.test.lab.!
C
49
Refer to the exhibit.
Calls to locally registered endpoints are failing. At present, there are two endpoints registered locally to this Expressway. An H.323 endpoint with an alias of “EndpointA” is registered, and a SIP endpoint with an
alias of “EndpointB@pod1.local” is also registered.
How is this issue resolved?
A. The dialplan must be redesigned to use the transforms to convert the alias into SIP URI format and then use separate search rules for each format that needs to be dialed within the local zone.
B. The calls are failing because there are insufficient licenses. Additional licenses must be installed for the Expressway to route these calls.
C. The current search rule does not match the call, so the search rule must be modified to include a SIP Variant of “Standards-Based”.
D. Calling parties are placing calls with the wrong domain. End-users must be instructed not to use the pod1.local domain as that is owned by the local system. Calls to any other domain would work.
A
Stripping @domain for dialing to H.323 numbers
SIP endpoints can only make calls in the form of URIs - for example name@domain. If the caller does not specify a domain when placing the call, the SIP endpoint automatically appends its own domain to the number that is dialed. So if you dial 123 from a SIP endpoint, the search will be placed for 123@domain. If the H.323 endpoint being dialed is registered as 123, the VCS will be unable to locate the alias 123@domain and the call will fail.
50
Refer to the exhibit.
A new neighbor zone is added for a new Cisco Meeting Server, but the zone is showing a SIP status of failed from the time the zone it was created.
What should be done to resolve this issue?
A. The search rule must be changed to continue on match.
B. The existing zone using ID 7 must be deleted.
C. More bandwidth must be added to the appropriate pipes.
D. The underlying DNS issue must be resolved.
D
The general rule of thumb with Search rules is the more specific the Pattern string, the lower it can be placed in the Search rule priority list. Generally a DNS Zone is configured with a Pattern string that is going to catch anything that is not a local domain and send it to the Internet. Due to this, we recommend that you set that type of Search rule to a high priority so it's invoked last.
It seems like a Search Rule match would resolve the "underlying DNS issue"
51
Which two considerations must be made when using Expressway media traversal? (Choose two.)
A. It is possible to NAT both Expressway-E interfaces
B. The Unified Communications traversal zone should be used for MRA
C. The Expressway-E must be put in a firewall DMZ segment
D. Expressway Control is the traversal server installed in the DMZ
E. Cisco UCM zone should be either traversal server or client
BC
* An Expressway-E located outside the firewall on the public network or in the DMZ, which acts as the firewall traversal server.
Unified Communications features such as Mobile and Remote Access or Jabber Guest, require a Unified Communications traversal zone connection between the Expressway-C and the Expressway-E. This involves:
○ Installing suitable security certificates on the Expressway-C and the Expressway-E.
○ Configuring a Unified Communications traversal zone between the Expressway-C and the Expressway-E.
52
Jabber cannot log in via Mobile and Remote Access.
You inspect Expressway-C logs and see this error message:
XCP_JABBERD Detail="Unable to connect to host '%IP%', port 7400:(111) Connection refused" Which is
the cause of this issue?
A. Rich Media Session licenses are not activated on Expressway-E.
B. Expressway-E is listening on the wrong IP interface.
C. The destination port for Expressway-E is set to 7400 instead of 8443 on the Expressway-C.
D. The XCP Service is not activated on Expressway-E.
B
Expressway-C Logs Show This Error: XCP_JABBERD Detail="Unable to connect to host '%IP%', port 7400:(111) Connection refused"
If Expressway-E Network Interface Controller (NIC) is incorrectly configured, this can cause the Extensible Communications Platform (XCP) server to not be updated. If Expressway-E meets these criteria, then you will probably encounter this issue:
Uses a single NIC.
Advanced Networking Option Key is installed.
The Use Dual Network Interfaces option is set to Yes.
In order to correct this problem, change the Use Dual Network Interfaces option to No.
The reason this is a problem is because Expressway-E listens for the XCP session on the wrong network interface, which causes the connection to fail/timeout. Expressway-E listens on TCP port 7400 for the XCP session. You can verify this if you use the netstatcommand from the VCS as root.
53
Which configuration is required when implementing Mobile and Remote Access on Cisco Expressway?
A. IPS
B. SAML authentication
C. Cisco Unified CM publisher address
D. SSO
C
Step 1
On the Expressway-C primary peer, go to Configuration > Unified Communications > Unified CM servers.
Step 2
Click New and add the following details for the publisher node:
* Unified CM publisher address—The server address of the publsiher node.
* Username—User ID of an account that can access the server.
* Password—Password of the account that can access the server
* TLS verify mode (What about for basic MRA without ICE – is this recommended?)
* AEM GCM media encryption—Set to On to enable AEM GCM support. This field appears only if you
* Deployment—If you have configured multiple Deployments, select the appropriate deployment. Note that this field does not appear unless you have configured deployments.
54
What it is the purpose of using ICE for Mobile and Remote Access endpoints in the Cisco
Collaboration infrastructure?
A. ICE controls the bandwidth usage for Cisco Collaboration endpoints if the endpoints are located outside the company network.
B. ICE enables Cisco Collaboration endpoints to determine if there is direct connectivity between them.
C. ICE uses FAST updates to optimize the video quality in case of packet loss. This technology is available only from Cisco Unified CM version 11.5 and later.
D. ICE enablement allows for the Cisco Collaboration endpoint to register through Expressway servers to Cisco Unified Communications Manager behind a firewall.
B
Interactive Connectivity Establishment (ICE), defined in RFC 8445, is a protocol that combines STUN and TURN. Using ICE, endpoints can determine if there is direct connectivity between them and will then apply the STUN hole-punching techniques to keep the firewall ports opened, thus allowing for both inbound and outbound media traffic. If direct media connectivity cannot be achieved, the endpoints will fall back to the TURN server and will send their UDP traffic centrally instead of going peer-to-peer.
55
When deploying an Expressway Core and Expressway Edge cluster for mobile and remote access,which TLS verity subject name must be configured on the Expressway-E UC traversal zone?
A. Webex CUSP Cluster Name
B. Expressway-E Cluster Name
C. Cisco Unified Communications Manager Publisher FQDN
D. Expressway-C Cluster Name
D
On Expressway E, Enter the name to look for in the traversal client's certificate (must be in either the Subject Common Name or the Subject Alternative Name attributes). If there is a
cluster of traversal clients, specify the cluster
name here and ensure that it is included in each client's certificate.
Traversal Client is EXP-C
56
Refer to the exhibit.
Mobile Cisco Jabber cannot register with on-premises Cisco Unified Communications Manager using Mobile and Remote Access. Some logs were captured on Expressway Edge.
Which action corrects this problem?
A. Ensure that the peer address does not match the Common Name on certificate.
B. Ensure that the _cisco-uds SRV record has been configured.
C. Ensure that the credential has been entered correctly.
D. Ensure that the SIP domains are added on Expressway Core.
C
When the password is incorrect, you see this in the Expressway−E logs:
Module="network.ldap" Level="INFO": Detail="Authentication credential found in directory for identity: traversal? Module="developer.nomodule" Level="WARN" CodeLocation="ppcmains/sip/sipproxy/ SipProxyAuthentication.cpp(686)" Method="SipProxyAuthentication:: checkDigestSAResponse" Thread="0x7f2485cb0700": calculated response does not match supplied response, calculatedResponse=769c8f488f71eebdf28b61ab1dc9f5e9, response=319a0bb365decf98c1bb7b3ce350f6ec Event="Authentication Failed" Service="SIP" Src−ip="10.48.80.161" Src−port="25723" Detail="Incorrect authentication credential for user" Protocol="TLS" Method="OPTIONS" Level="1?
57
Which two statements about Expressway media traversal are true? (Choose two.)
A. Expressway Control is the traversal server installed in the DMZ.
B. The Expressway Edge must be put in a firewall DMZ segment.
C. Cisco Unified Communications Manager zone can be either traversal server or client.
D. The Unified Communications traversal zone can be used for Mobile and Remote Access.
E. Both Expressway Edge interfaces can be NATed.
BD
* An Expressway-E located outside the firewall on the public network or in the DMZ, which acts as the firewall traversal server.
Unified Communications features such as Mobile and Remote Access or Jabber Guest, require a Unified Communications traversal zone connection between the Expressway-C and the Expressway-E.
58
Which zone is required between Expressway-E and Expressway-C in Mobile and Remote Access
deployments?
A. Unified Communications traversal zone
B. neighbor zone
C. DNS zone
D. traversal zone
A
Which type of traversal zone?
* If your deployment is for business to business calling, use a traversal zone.
* If your deployment is for mobile and remote access, use a Unified Communications traversal zone
59
For a Mobile and Remote Access deployment, which server's certificate must include the Unified registration domain as a Subject Alternate Name?
A. Expressway-C server certificate
B. Cisco Unified Communications Manager server certificate
C. Expressway-E server certificate
D. Expressway-C and Expressway-E server certificate
C
Expressway-E server certificate requirements
The Expressway-E server certificate must include the elements listed below in its list of subject alternative names (SAN). If the Expressway-E is also known by other FQDNs, all of the aliases must be included in the server certificate SAN.
* Unified CM registrations domains: all of the domains which are configured on the Expressway-C for Unified CM registrations. Required for secure communications between endpoint devices and Expressway-E.
The Unified CM registration domains used in the Expressway configuration and Expressway-E certificate, are used by Mobile and Remote Access clients to lookup the _collab-edge DNS SRV record during service discovery. They enable MRA registrations on Unified CM, and are primarily for service discovery.
60
A Jabber user is being prompted to trust the Expressway-E certificate when using Mobile and Remote Access. The administrator has validated that the Expressway-E certificate is being trusted by the machin running the Jabber client.
What else can be done to solve this problem?
A. Create a new CSR with new information on the SAN field.
B. Include Cisco Unified Communications Manager registration domain in the Expressway-E certificate as
a SAN.
C. Change the domain name.
D. Change the FQDN of the Expressway.
B
The Unified CM registration domain used for the collab-edge record must be present within the SAN of the Expressway-E certificate. CSR tool in the Expressway server will give you the option to add the Unified CM registration domain as a SAN
61
Which DNS record and port combination must be resolved externally for Mobile and Remote Access tobe used?
A. _collab-edge on port 8443
B. _cisco-uds-edge on port 5061
C. _collab-edge on port 5061
D. _cisco-uds on port 8443
A
Public DNS (External Domains)
The public, external DNS must be configured with _collab-edge._tls. SRV records so that endpoints can discover the Expressway-Es to use for Mobile and Remote Access. You also need SIP service records for general deployment (not specifically for MRA).
Domain Service Protocol Priority Weight Port Target host
example.com collab-edge tls 10 10 8443 expe1.example.com
example.com collab-edge tls 10 10 8443 expe2.example.com
example.com sips tcp 10 10 5061 expe1.example.com
example.com sips tcp 10 10 5061 expe2.example.com
62
Which two statements about Mobile and Remote Access certificate are true? (Choose two.)
A. Expressway Core can use private CA signed certificate.
B. You must upload the root certificates in the phone trust store.
C. Expressway must generate certificate signing request.
D. Expressway Edge must use public CA signed certificate.
E. The Jabber client can work with public or private CA signed certificate.
A E
63
In a Mobile and Remote Access deployment, where must communications be encrypted with TLS?
A. Cisco Expressway-E and endpoints outside the enterprise
B. Cisco Expressway-C, Cisco Unified Communications Manager, and IM&P
C. Cisco Expressway-C, Cisco Expressway-E, and Cisco Unified Communications Manager
D. Cisco Expressway-C, Cisco Expressway-E, and endpoints outside the enterprise
D
MRA requires secure communication between Expressway-C and Expressway-E, and between Expressway-E and external endpoints.
64
When determining why Mobile and Remote Access to Cisco TelePresence equipment does not work anymore for an organization. There are several administrators and configuration changes could have happened without anyone knowing. Internal communication seems to be working, but no external system can register or call anywhere. Gathering symptoms, you also discover that no internal systems can call out either.
What is TraversalZone missing that causes this issue?
A. link to the DefaultZone
B. pipe to the DefaultZone
C. SIP trunk to the DefaultZone
D. route pattern to the DefaultZone
A
"Using Links and Pipes to Manage Access and Bandwidth
You can also manage calls from unrecognized systems and endpoints by configuring the "links" and "pipes" associated with the Default Zone. For example, you can delete the default links to prevent any incoming calls from unrecognized endpoints, or apply pipes to the default links to control the bandwidth consumed by incoming calls from unrecognized endpoints."
65
Which entry in the public (external) DNS is valid to configure DNS SRV records for a Cisco Mobile and Remote Access solution?
A. _cisco-uds._tcp.
B. _cisco-mra._tls.
C. _collab-edge._tls.
D. _cisco-expwy._tls.
C
_cisco-uds is used for CUCM
_collab-edge is used for MRA
_cuplogin i sused for IM&P
66
Refer to the Exibit :
An engineer is deploying mobile and remote access in an environment that already had functioning Business to Business calling. Mobile and remote access SIP registrations are failing. To troubleshoot, SIP logs were collected.
How is this issue resolved?
A. Change the SIP profile on the SIP trunk for the Expressway-E to Standard SIP Profile for TelePresence Endpoint
B. Change the “Incoming Port” in the SIP Trunk Security Profile for the Expressway-C to not match SIP line registrations
C. Enable autoregistration for the appropriate DN range on the Cisco UCM servers running the
CallManager service
D. Write a custom normalization script since the “vcs-interop” normalization script does not allow
registrations
B
A diagnostic log from Expressway-C shows a SIP/2.0 405 Method Not Allowed message in response to the Registration request sent by the Jabber client. This is likely due to an existing Session Initiation Protocol (SIP) trunk between Expressway-C and CUCM using port 5060/5061. In order to correct this issue, change the SIP port on the SIP Trunk Security Profile that is applied to the existing SIP trunk configured in CUCM and the Expressway-C neighbor zone for CUCM to a different port such as 5065.
67
Refer to Exibit:
Logins and failing via mobile and remote access.
How is this resolved?
A. Mobile and remote access login has not been enabled for the domain configured in the Expressway-C.
The domain must be edited to allow Cisco UCM registrations.
B. SIP is disabled on the Expressway-E. The SIP protocol must be enabled on the server.
C. No Cisco UCM servers are configured in the Expressway-C. Servers must be added for CallManagerand IM and Presence services.
D. Although a traversal client zone exists, there is no Unified Communications traversal client zone. One must be created.
D
Unified CM registrations and IM&P say the "domain is configured but no active zone connection. This link has the suggestion from the Mentor in the Community thread.
68
Refer to the exhibit.
Mobile and remote access is being added to an existing B2B deployment and is failing. When the administrator looks at the alarms on the Expressway-C, the snippets are shown.
Which configuration action should the administrator take to fix this issue?
A. The listening port on the Expressway-C for SIP TCP must be changed to a value other than 5060
B. The listening port on the Expressway-C for SIP TLS must be changed to a value other than 5061
C. The listening port on the Cisco UCM for the Expressway-C SIP trunk must be changed to something other than 5060 or 5061.
D. The listening port on the Cisco UCM for the Expressway-C SIP trunk is set to something other than 5060 or 5061. It must be set to 5060 for insecure and 5061 for secure SIP
C
* If you have MRA connections to the Unified CM, which are line-side connections to 5060/5061, then you should
avoid using 5060/5061 as the listening port for any SIP trunks you create on that Unified CM.
69
Refer to the exhibit.
The administrator attempted to log in, but Jabber clients cannot log in via mobile and remote access.
How is this issue resolved?
A. Skype for Business mode must be disabled on the DNS server because it conflicts with Jabber login requirements.
B. The domain pod1.local must be deprovisioned from the Webex cloud for Jabber logins.
C. A DNS SRV record must be created for _collab-edge._tls.pod1.local that points to the Expressway-E.
D. The username jabberuser@pod1.local is invalid. The user should instead sign-in simply as jabberuser.
C
70
Refer to the exhibit showing logs from the Expressway-C, a copy of the Expressway-E certificate, and
the UC traversal zone configuration for the Expressway-C.
An office administrator is deploying mobile and remote access and sees an issue with the UC traversal
zone. The zone is showing “TLS negotiation failure”.
What is causing this issue?
A. The Expressway-E certificate includes the Expressway-C FQDN as a SAN entry
B. The Expressway-C is missing the FQDN of Cisco UCM in the Common Name of its certificate
C. In the UC Traversal Zone on the Expressway-C, the peer address is set to the IP of the Expressway-E,which is not a SAN entry in the Expressway-E certificate
D. The Expressway-E does not have the FQDN of Cisco UCM listed as a SAN in its certificate.
C
UC Traversal Zone Settings
Peer 1 address
Enter the FQDN of the Expressway-E.
Note that if you use an IP address (not recommended), that address must be present in the Expressway-E server certificate.
If you have configured Expressway-E with a dual NIC interface for MRA, enter the FQDN of Expressway-E's internal interface (not the IP address). Expressway-C requires a local DNS record that points to the FQDN of the Expressway-E's internal LAN
71
Which part of a hybrid cloud-based deployment with Cisco Webex Messenger Service is used for meeting capabilities?
A. Cisco Unified CM is always used for meeting capabilities.
B. Depending on the media flow, the Webex Meeting Center or local Cisco Unified CM meeting resources are used for meeting capabilities.
C. Depending on the origin of the user, the Webex Meeting Center or local Cisco Unified Communications Manager meeting resources are used for meeting capabilities.
D. Cisco Webex Meeting Center is always used for meeting capabilities.
D
The following services are available in a hybrid cloud-based deployment that uses Webex Messenger service:
Contact Source—The Cisco Webex Messenger service provides contact resolution.
Presence—The Cisco Webex Messenger service allows users to publish their availability and subscribe to other users' availability.
Instant Messaging—The Cisco Webex Messenger service allows users to send and receive instant messages.
Audio—Place audio calls through desk phone devices or computers through Cisco Unified Communications Manager.
Video—Place video calls through Cisco Unified Communications Manager.
Conferencing—Cisco Webex Meetings Center provides hosted meeting capabilities.
Voicemail—Send and receive voice messages through Cisco Unity Connection.
72
Which step is required when configuring Cisco Webex Hybrid Message Service?
A. Register Expressway-C Connector Hosts to the Cisco Webex Cloud.
B. Register Expressway-C to Cisco Unified Communications Manager.
C. Add Expressway-C and Cisco United CM to the Cisco Webex Cloud.
D. Add Cisco Unity Connection to Expressway-E.
A
We recommend that the Expressway-C be dedicated to hosting connectors for Webex Hybrid Services. You can use the Expressway-C connector host for other purposes, but that can change the supported number of users.
73
Which service is available in a cloud-based deployment using Cisco Webex Messenger?
A. Presence
B. Phone services
C. Voicemail
D. Call forward services
A
The following services are available in a cloud-based deployment using Webex Messenger:
-Contact Source
-Presence
-Instant Messaging
-Conferencing
74
Which statement about the Cisco Webex hybrid service is true?
A. Expressway Connector is required for an on-premises Exchange server.
B. Hybrid Message service works only with Jabber cloud deployment.
C. Directory Connector is required for Azure AD.
D. Directory Connector must be deployed for OBTP to work with on-premises video devices.
A
75
Which two statements about Cisco Webex Video Mesh Nodes are true? (Choose two.)
A. When Expressway Core works with VMN clusters, Expressway Core decides which VMN is used for signaling/media connection.
B. Cloud-registered devices choose a VMN cluster based on the lowest STUN round trip delay.
C. The cascading traffic between VMN must bypass the firewall.
D. When Cisco Unified Communications Manager works with multiple VMNs, Cisco Unified CM decides which VMN is used for signaling connection.
E. A VMN can terminate a media connection while operating in maintenance mode.
BD
76
Refer to the Exibit :
If the Webex Teams device cannot connect to Video Mesh Cluster-1 because it is busy, which media node does the Webex Teams device connect to next?
A. Both Cloud Node US-EAST and US-WEST
B. Video Mesh Cluster-2
C. Cloud Node US-EAST
D. Cloud Node US-WEST
B
Learned reachability information is provided to the Webex cloud every time a call is set up. This information allows the cloud to select the best resource (cluster or cloud), depending on the relative location of the client to available clusters and the type of call. If no resources are available in the preferred cluster, additional clusters are tested for availability based on SRT delay. A preferred cluster is chosen with the lowest SRT delay. Calls are served on premises from a secondary cluster when the primary cluster is busy. Local reachable Video Mesh resources are tried first, in order of lowest SRT delay. When all local resources are exhausted, the participant connects to the cloud.
77
A Cisco Webex Hybrid Video Mesh Node can be installed in the DMZ and on the internal network.
Which statement is true?
A. Webex Cloud supports either a DMZ-based Mesh Node for security or an internal-based Mesh Node for media control only.
B. Installing a Video Mesh Node in the DMZ requires you to open TCP and UDP port 4444 in your internal firewall for full clustering functionality.
C. Installing a Video Mesh Node in the DMZ requires the external firewall to allow UDP traffic from ANY port to the address of the Video Mesh Nodes via port 5004.
D. Using internal Video Mesh Node also works due to Mobile and Remote Access setup for Webex Teams clients. A DMZ node is added for extra security.
C
"The external firewall will need to allow UDP traffic from ANY port to the address of the Video Mesh Nodes via port 5004, so that roaming Webex Teams endpoints can send media to the nodes. This is not a preferred approach."
78
Where are voice calls handled in a Cisco Jabber hybrid cloud-based deployment with Cisco Webex Platform Service?
A. Voice calls use Webex Calling platform for call control and use hybrid media nodes for local conferencing.
B. Voice calls use local media nodes to keep traffic internal for internal traffic and use Webex Calling for external calls.
C. Voice call use Cisco Unified Communications Manager for local calls and Webex Calling for external calls.
D. Voice calls use local Cisco Unified Communications Manager for all calls.
D
Configure Deskphone Control
Prerequisites
The Cisco CTIManager service must be running in the Cisco Unified Communications Manager cluster.
* You cannot use this feature with devices that do not support CTI.
79
Refer to the exhibit :
Cisco Unified Communications Manager routes the call via the Webex Meetings route list and route group to the Video Mesh cluster Node#1 in the Video Mesh cluster is hosting the meeting and has reached full capacity, but other nodes in the cluster still have spare capacity.
What happens to the participant's call?
A. Another node in the cluster is used and an intra-cluster cascade between the two Video Mesh nodes is formed.
B. The call is queued.
C. The call fails.
D. Another node in the cluster is used and an intra-cluster cascade between Webex and the new Video Mesh node is formed.
A
If the node hosting the meeting reaches full capacity, another node in the cluster will be used and an intra-cluster cascade will be formed. (The intra-cluster cascade routes from node to node, not via Webex.)
80
An organization wants to enable a Cisco Webex connector to synchronize all employees automatically with Cisco Webex instead of using a manual list.
Where is the Webex Hybrid Directory Service configured?
A. Install Cisco Directory Connector on a Microsoft Windows Domain server and configure the software and Webex Control Hub.
B. Enable the directory service in Cisco Unified Communications Manager under Cisco Unified Serviceability and add the service in Webex Control Hub.
C. Enable the directory service on Cisco Expressway Edge for Office 365 or Cisco Expressway Core for internal Active Directory and add the service in Webex Control Hub.
D. Install the Cisco Express Connector and configure the device in Cisco Unified Communications Manager under Cisco Unified Serviceability and add the service in Webex Control Hub.
A
To deploy Webex Hybrid Directory Service in the PA for Webex Hybrid Services, we recommend the following:
* Ensure that the end-user account mail ID field in the Unified CM End User database contains the user's email address. Webex Teams users correlate to Cisco Unified CM end users by means of email addresses. With LDAP directory integration, the mail ID field for Unified CM end users is typically mapped from the mail field of the LDAP directory during synchronization.
* Install Cisco Directory Connector on a separate Windows server from the Active Directory Domain Service or Active Directory Lightweight Directory Services.
* Run a first synchronization after the Directory Connector installation finishes. Then configure full synchronization and incremental synchronization schedules to keep the Directory Connector (and in turn Webex) updated when resource and user information changes (resource or user update, deletion, or addition) within Microsoft Active Directory
81
With QoS enabled, which two statements about the Cisco Webex Video Mesh Node signaling and
media traffic are true? (Choose two.)
A. From VMN to CUCM SIP endpoints, the source UDP ports from 52500 to 62999 is used for audio traffic.
B. From VMN to Webex Teams clients, the source UDP port 5004 is used for video traffic.
C. From Webex cloud to VMN, the source UDP port 9000 is used for audio traffic.
D. From VMN to video endpoints, the destination UDP port 5004 is used for audio traffic.
E. From VMN to Webex cloud, the destination UDP port 9000 is used for video traffic.
AB
Video Mesh Node Unified CM SIP endpoints 52500 to 62999 Unified CM SIP Profile EF Audio
Video Mesh Node Webex Teams application or endpoint 5004 52100 to 52299 AF41 Video
82
What should be considered when using the Cisco Webex hybrid service?
A. Directory Connector must be deployed for OBTP to work with on-premises video devices.
B. Directory Connector is required for Azure AD.
C. Hybrid Message service works only with Jabber cloud deployment.
D. Expressway Connector is required for an on-premises Exchange server.
D ???
83
When a Cisco Webex Video Mesh Node is configured for an organization, which process does the Webex Teams client use to discover the optimal bridging resource?
A. the lowest STUN round-trip delay to each node and cloud.
B. a reachable Video Mesh Node and then overflows to the cloud, if needed.
C. the SIP delay header during call setup.
D. an HTTPS speed and latency test to each node and the cloud.
B
84
An administrator has been tasked to bulk entitle 200 existing users and ensure all future users are automatically configured for the Webex Hybrid Calendar Service.
(Choose Two)
A. Export a CSV list of users in the Cisco Webex Control Hub, set the Hybrid Calendar Service to TRUE for users to be enabled, then import the file back to Manage Users menu in the Cisco Webex Control Hub.
B. Set up an Auto-Assign template that enables Hybrid Calendar.
C. Select the Hybrid Services settings card in the Cisco Webex Control Hub and import a User Status report that contains only users to be enabled.
D. On the Users tab in the Cisco Webex Control Hub, check the box next to each user who should be enabled, then click the toggle for the Hybrid Calendar service to turn it on.
E. From Cisco Webex Control Hub, verify the domain that your Hybrid Calendar users will use, which automatically activates them for the service.
AB
85
What is a requirement when configuring the Cisco Webex Hybrid Message account for accessing the API of the Cisco UCM IM and Presence Service?
A. Add a new end-user with the “Standard AXL API Access” role.
B. Use an application user with only the “Standard CTI Allow Control of All Devices” role.
C. Use an application user not the main administrator account with the “Standard AXL API Access” role.
D. Use the main administrator account if it includes the “Standard AXL API Access” role
C
Configure an Application Account for Message Connector
Configure an account for Message Connector to access the AXL API of the Cisco Unified Communications Manager IM and Presence Service. You must use an independent administrator account, not the main administrator account. Remember the details of this account so you can enter them in the Message Connector configuration later.
86
The Cisco Webex Hybrid Message service is deployed geographically for separate Cisco Unified IM and Presence clusters.
What must be configured in the Cisco Webex Control Hub to achieve this deployment?
A. geo-locations
B. distributed DNS
C. verified domains
D. resource groups
D
"You can use Resource Groups in Control Hub to define your organization's geography, and then assign Expressway resources to different resource groups that represent locations.
The set of users you assign to each resource group should correspond to the users in all IM and Presence Service clusters served by the Expressways in those resource groups."
87
Refer to the exhibit.
When a Jabber user attempts to connect from outside of the organization, the user enters the login information as "user@example.com" and receives the error "Cannot find your services Automatically".
The engineer tries to resolve SRV records used by Jabber.
DNS A record "expressway-e.example.com" points to the Expressway-E IP and "cucm.example.com" points to the Cisco Unified Communications Manager.
Which change resolves the DNS problem?
A. Change cisco-uds to point to the Expressway-E FQDN.
B. Change the collab-edge record to point to 5061.
C. Remove the cisco-uds SRV record for the external DNS.
D. Change the priority of the SRV record for cisco-uds.
C
The following is an example of the _cisco-uds SRV record:
_cisco-uds._tcp.example.com SRV service location:
priority = 6
weight = 30
port = 8443
svr hostname = cucm3.example.com
_cisco-uds._tcp.example.com SRV service location:
priority = 2
weight = 20
port = 8443
svr hostname = cucm2.example.com
_cisco-uds._tcp.example.com SRV service location:
priority = 1
weight = 5
port = 8443
svr hostname = cucm1.example.com
88
What is one of the user-related prerequisites for Jabber Team Messaging Mode Installation?
A. Create user accounts in Cisco Webex Control Hub only.
B. Create user accounts in Cisco Unified Communications Manager only.
C. Create user accounts in Cisco Unified IM and Presence.
D. Create user accounts in Cisco Unified CM and Cisco Webex Control Hub.
D
Prerequisites for Jabber Team Messaging Mode Installation:
-Create user accounts in Unified Communications Manager.
-Create user accounts in Cisco Webex Control Hub.
89
An external Jabber device cannot register. While troubleshooting this issue, the engineer discovers that privately signed certificates are being used on Expressway-C and Expressway-E.
What action will resolve this issue?
A. The private CA certificate must be placed in the phone trust store
B. The Jabber client must register to the Cisco UCM internally before it will register externally
C. The device running the Jabber client must download and trust the private CA certificate
D. The device running the Jabber client must use a VPN to register
C
The certificates are signed by a CA that does not already exist in the trust store, such as a private CA. If so, you must import the private CA certificate to the Trusted Root Certification Authorities store.
* The certificates are self-signed. If so, you must import self-signed certificates to the Enterprise Trust store.
If the client cannot validate the certificate, it prompts you to confirm that you want to accept the certificate, and place it in its Enterprise Trust store.
* The certificates are signed by a CA that does not already exist in the trust store, such as a private CA. If so, you must import the private CA certificate to the Trusted Root Certification Authorities store.
90
Refer to the exhibit.
While troubleshooting Cisco Jabber login issues, there are some error messages.
Why is the Jabber client unable to sign in?
A. down Cisco Unified Communications Manager server
B. XMPP bind failures
C. incorrect login credentials
D. service discovery issues
B
Jabber Cannot Sign In Due to XMPP Bind Failure
The Jabber client may be unable to sign in ("Cannot communicate with the server” error messages) due to XMPP bind failures.
This will be indicated by resource bind errors in the Jabber client logs, for example:
XmppSDK.dll #0, 201, Recv:
91
A MRA deployment is being configured where one of the requirements is for registered Jabber users to pull directory photos from an internal server.
What should be configured on the Expressway-C so that MRA registered clients reach this server?
A. The directory photo server FQDN must be added to the Expressway-C certificate
B. A search rule must be created to route the requests to Cisco UCM
C. A neighbor zone must be created to the directory photo server
D. The directory photo server must be added to the HTTP allow list
D
Editing the HTTP Allow List
You can add your own inbound rules to the HTTP Allow List if remote clients need to access other web services inside the enterprise. For example, these services may require you to configure the allow list:
* Jabber Update Server
* Cisco Extension Mobility
* Directory Photo Host
* Managed File Transfer
* Problem Report Tool server
* Visual Voicemail
92
What should an engineer use to create users for a Cisco Jabber Cloud Deployment?
A. Cisco Webex Administration Tool
B. Cisco UCM
C. Cisco Webex Directory Connector
D. Cisco Unified IM and Presence Server
A
Cisco WebEx Administration Tool provides a number of ways to create users for your organization.
Procedure
Step 1 - You can add users individually using
the Cisco WebEx Administration Tool.
93
An administrator has been asked to configure Video Mesh signaling traffic to route through a proxy.
Which is an available proxy type in the Video Mesh node configuration to support this deployment model?
A. Transparent Explicit Proxy
B. Transparent Inspecting Proxy
C. Reverse Proxy
D. Distorting Proxy
B
The following proxy types are supported by Video Mesh:
-Explicit Proxy (inspecting or non-inspecting)
-None
-Basic
-Digest
-NTLM
-Transparent Proxy (non-inspecting)
-Transparent Proxy (inspecting)
94
Why would a Cisco Jabber contact under Hybrid Messaging Integration be grayed out?
A. The contact uses Cisco Webex Teams and Jabber and remains as Do not Disturb for 30 minutes.
B. The contact was using only Cisco Webex Teams and changed the status to Away.
C. The contact set Out of the Oce for Cisco Webex Teams.
D. The other user has not used Cisco Webex Teams or Jabber within the last 72 hours, so they are oine.
D
The other user has not used Webex App or Jabber within the last 72 hours. The Message Connector destroys the XMPP session it was holding for
the offline user's Webex App.
95
An engineer must x broken SSH tunnels between Expressway-C (192.168.10.5) and Expressway-E (192.168.20.5). The engineer is advised that
the packet capture shows the required packets for the SSH tunnels leaving the Expressway-C but not reaching the Expressway-E. Which firewall conguration must the engineer allow to resolve this issue?
A. port 2222 from Expressway-E to Expressway-C
B. port 7001 from Expressway-C to Expressway-E
C. port 7001 from Expressway-E to Expressway-C
D. port 2222 from Expressway-C to Expressway-E
D
HTTPS (tunneled over SSH between C and E): TCP 2222
96
Refer to the exhibit. Logins are failing via Mobile and Remote Access. How is this resolved?
A. No Cisco UCM servers are configured in the Expressway-C. Servers must be added for CallManager and IM and Presence services.
B. SIP is disabled on the Expressway-E. The SIP protocol must be enabled on the server.
C. Although a traversal client zone exists, there is no UC traversal client zone. One must be created.
D. Mobile and Remote Access login has not been enabled for the domain configured in the Expressway-C. The domain must be edited to allow Cisco UCM registrations.
C
97
An administrator is configuring DNS to allow Mobile and Remote Access logins for the domain cisco.com. Where must the _collab-edge_tls.cisco.com DNS SRV record be configured?
A. in the public DNS server
B. in DNS SRV settings under Cisco Unified OS Administration in Cisco UCM
C. in DNS settings in the Expressway-E on the interface that faces the Internet
D. in DNS settings under Cisco Unified OS Administration in Cisco UCM
A
The DNS SRV record for _collab-edge_tls.cisco.com should be configured in the public DNS zone for the cisco.com domain. This record is used by Cisco Collaboration Edge services to provide secure remote access for mobile devices and other remote users.
To configure the DNS SRV record, the administrator should create a new SRV record in the cisco.com domain's public DNS zone. The record should have the following attributes:
Service: _collab-edge-tls
Protocol: _tcp
Name: _collab-edge_tls.cisco.com
Priority: 1
Weight: 0
Port: 8443
Target: the FQDN (fully qualified domain name) of the Cisco Collaboration Edge server that will handle remote access requests
98
Cisco Jabber clients are failing to log in using Mobile and Remote Access. The administrator checked the Jabber problem report logs and saw that connections to the Expressway-E are being refused on TCP port 8443. From a packet capture run on the Jabber client while attempting to log in, there is no response to the TCP SYN packets sent to the Expressway-E by Jabber. Which two reasons are causing the Expressway-E to be unreachable on port 8443 from the internet? (Choose two.)
A. The Jabber clients using an outdated version.
B. The Unified Communications zone is down.
C. The firewall is blocking the port.
D. The certificate for Jabber is expired.
E. The SRV record for _cisco-uds is misconfigured.
CE
The _collab-edge SRV record should point to the Fully Qualified Domain Name (FQDN) of Expressway-E with port 8443. If the _collab-edge SRV is not created, or is not externally available, or if it is available, but port 8443 is not reachable, then the Jabber client fails to log in.
99
An organization wants to be able to call IP addresses and URI addresses. An engineer must configure Cisco Expressways to manage this request from the endpoints in the organization. How would the engineer configure the Expressways to allow these calls to be completed to external IP addresses?
A. Set calls to unknown IP addresses to direct on the Cisco Expressways, and add a search rule on the Expressway-E
B. Set calls to unknown IP addresses to indirect on the Cisco Expressways, and add a search rule on the Expressway-E
C. Use search rules to manage calls to IP addresses, and the direct/indirect setting on the Expressway is used as a fallback only if the search rules do not exist
D. Set calls to unknown IP addresses to indirect on the Expressway-C and direct on the Expressway-E, and add a search rule on the Expressway-E
D
Recommended configuration for firewall traversal
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/admin_guide/X14-0/exwy_b_cisco-expressway-administrator-guide/exwy_m_dial-plan-and-call-processing.html
100
When the network requirements are configured for a new Video Mesh deployment, which firewall ports are required so that Video Mesh cascade signaling succeeds?
A. TCP 443 and 444
B. TCP 443 and 8443
C. UDP 5004 and 5005
D. UDP 33432 through 33433
A
Ctrl + F “Cascade Signaling” https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/wbxt/videomesh/cmgt_b_webex-video-mesh-deployment-guide/cmgt_b_hybrid-media-deployment-guide_chapter_010.html
101
Which 16-digit number is unique to a serial number and is used to enable the system?
A. RMS license key
B. option key
C. release key
D. Expressway series
C
Table 8. Option Keys Not Needed in Either License Mode
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/release_note/X14-0-3/exwy_b_cisco-expressway-release-note-x1403.html
102
Refer to the exhibit. What are “Type” field values for this Expressway servers zone configuration?
A. Expressway-C “DNS”, Expressway-E “Traversal server”
B. Expressway-C “Traversal server”, Expressway-E “Traversal client”
C. Expressway-C “Neighbor”, Expressway-E “Neighbor”
D. Expressway-C “Traversal client”, Expressway-E “Traversal server”
D
The Expressway solution consists of:
An Expressway-E is located outside the firewall on the public network or in the DMZ, which acts as the firewall traversal server.
An Expressway-C or other traversal-enabled endpoint located in a private network acts as the firewall traversal client.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/admin_guide/X14-0/exwy_b_cisco-expressway-administrator-guide/exwy_m_firewall-traversal.html
103
An engineer reviews the configuration of a pair of Expressway servers for a company with the domain example.com. The company allows toll fraud calls to reach the Cisco UCM only when it expects externally registered devices to call internal 5-digit extensions. The search history shows that the fraudulent calls have a destination URI of 8 or more digits and several domains. What must the engineer configure to prevent all toll fraud calls from going past the Expressway-E to the internal network?
A. search rules to only route calls with a destination URI of 5 to 8 digits long on the Expressway-E
B. CPL that blocks calls with a destination domain other than example.com on the Expressway-C.
C. search rules to only route calls with a destination domain of example.com on the Expressway-E
D. CPL to block calls with a destination URI with 8 or more digits on the Expressway-E
D
104
Which two internal SIP endpoints behind a firewall place calls to external devices? (Choose two.)
A. An Expressway-C communicates with the internal endpoint and forwards the media to and from an Expressway-E.
B. A Cisco Endpoint is configured with a publicly routable static NAT SIP address to advertise instead of is private IP address.
C. An Expressway-C communicates directly with the remote party using the ICE protocol
D. An Expressway-E is used as a VPN server to allow remote SIP edge servers to connect calls
E. An Expressway-C rewrites the SIP SDP to advertise its own IP address to the external party.
AB
True. After looking at it again, A and B are the only answers that mention "endpoints"
* (test) A. An Expressway-C communicates with the internal endpoint and forwards the media to and from an Expressway-E. (most logical)
* B. A Cisco Endpoint is configured with a publicly routable static NAT SIP address to advertise instead of is private IP address. (best answer)
* C. An Expressway-C communicates directly with the remote party using the ICE protocol (not an endpoint)
* (test) D. An Expressway-E is used as a VPN server to allow remote SIP edge servers to connect calls (cannot find any info on this) (not an endpoint)
* E. An Expressway-C rewrites the SIP SDP to advertise its own IP address to the external party. (not an endpoint)
105
Which mechanism does TLS use to validate identity?
A. server certificate
B. shared secret
C. username and a password
D. IP address of the peer
A
The TLS protocol
uses endpoint authentication and encryption to provide secure connections over any network. Encryption
protects against eavesdropping, and digital certificates (signed by a trusted CA) protect against tampering and
message forgery by authenticating the endpoints.
106
An engineer is investigating failing incoming calls that are expected to connect. The engineer notices that the failed calls all have a port number of 5060 at the end of the URI. The search rules are configured in a way that they do not expect a port to be included. Which configuration allows the routing of this call?
A. * transform with a pattern string of *(.*)@example.com(:5060)?"
* replace a suing of \1@example.com
B. * search rule with a pattern string of “(.*)@example.com(:5050)?"
* replace a string of \1\2@example com
C. search rule with a pattern string of “(.*)@example.com(:5060)?"
* replace a string of \1@example.com\2
D. * transform with a pattern string of
“(.*)@example.com(:5060)?"
* replace a string of \1@example.com\2
A
107
Refer to the exhibit. Call policy rules on an Expressway-E prevent external callers from the internet from calling a VIP whose URI is vip@cisco.com. Which additional configuration setting is required for this call policy to function as intended?
A. The default zone on the Expressway-E must not be configured to treat as authenticated.
B. A search rule must be configured with an extract match for vip@cisco.com to pass the call to the Expressway-C.
C. The Cisco TelePresence endpoint registered with the URI vip@cisco.com must be set in “do not disturb” mode.
D. SIP TLS must be disabled on the Expressway-E.
A
Authentication Policy Configuration Options
Authentication policy behavior varies for H.323 messages, SIP messages received from local domains and SIP messages from non-local domains.
The primary authentication policy configuration options and their associated behavior are as follows:
* Check credentials: Verify the credentials using the relevant authentication method. (prevents external callers)
* Do not check credentials: Do not verify the credentials and allow the message to be processed. (does not prevent external callers)
* Treat as authenticated: Do not verify the credentials and allow the message to be processed as if it is has been authenticated. (does not prevent external callers) This option can be used to cater for endpoints from third-party suppliers that do not support authentication within their registration mechanism.
108
An engineer configures a Cisco Collaboration environment to use Mobile and Remote Access for external access for company users. The engineer uses OAuth with refresh on the Cisco UCM SIP lines for extra security and improved user experience. During the setup, Mobile and Remote Access does not work, it is enabled on the Cisco UCM and Cisco Expressways. SIP trunks on ports 5090 and 5091 are configured to avoid conflicts with other SIP trunks between internal Cisco UCM clusters. The traversal zone also uses port 6500. The traversal zone between Expressways shows no errors, and the requests hit Expressway-E from the Internet. What is the reason that the solution does not work?
A. Mobile and Remote Access does not support OAuth with refresh with this configuration,
B. The default port for Mobile and Remote Access is 6001. Therefore, the traversal port must be port 6001 for Mobile and Remote Access to work.
C. The default port for Mobile and Remote Access is 6500, which creates a conflict with the existing traversal zone port.
D. The default port for Mobile and Remote Access is 5091, which creates a conflict with the existing SIP trunks.
C
Option A is incorrect because Mobile and Remote Access does support OAuth with refresh.
Option B is incorrect because the default port for Mobile and Remote Access is 6500, not 6001.
Option D is incorrect because the default port for Mobile and Remote Access is 6500, not 5091.
109
What is a benefit of Cisco Webex Messenger Cloud deployment?
A. Cloud deployment is more secure than an on-premises deployment.
B. There is no additional cost to use a cloud deployment.
C. Cloud deployment allows interoperability between Cisco Jabber and Webex Teams users.
D. Cloud deployment is faster than using an on-premises deployment.
C
Hybrid Message Components and Users
Hybrid Message connects your Cisco Unified Communications Manager IM and Presence Service (IM and Presence Service) to Webex to enable interoperability with Webex App.
Note - This deployment provides interoperability between your on-premises Jabber deployment and Webex App users. This is different to the interoperability between cloud-based Jabber deployments and Webex App users (see https://help.webex.com/article/nzx9su0 for more on that deployment).
110
Cisco Collaboration endpoints are exchanging encrypted signaling messages. What is one complication in implementing NAT ALG for voice and video devices?
A. NAT ALG is not compatible with the H.323 signaling protocol.
B. NAT ALG introduces latency in the media path.
C. The NAT ALG cannot inspect the contents of encrypted signaling messages.
D. NAT ALG requires the use of NAT reflection, which may not be supported on all firewalls.
C
A NAT ALG is similar to a firewall ALG, but a NAT ALG actually changes (maps) the addresses and ports in the signaling messages. The NAT ALG cannot inspect the contents of encrypted signaling messages.
111
How are Cisco Webex Video Mesh deployments supported?
A. Video Mesh Dual NIC are supported in demilitarized deployments.
B. Mixed Single NIC and Dual NIC are supported in the same data center deployments.
C. Clustering Video Mesh Nodes over the WAN are supported if Round Trip Time is low.
D. IPv6 and IPv4 deployments are supported for Video Mesh clusters.
A
For a DMZ deployment, you can set up the Video Mesh node with the dual network interface (NIC). This deployment lets you separate the internal enterprise network traffic (used for interbox communication, cascades between node clusters, and to access the node's management interface) from the external cloud network traffic (used for connectivity to the outside world and cascades to the cloud). All nodes in a cluster must be in dual NIC mode; a mixture of single and dual NIC is not supported.
112
An administrator is deploying Cisco Expressways for Mobile and Remote Access. The registration domain is “example.com”, and the Expressway-E FQDN is “expe.example.com”. Cisco Jabber clients on the internet cannot discover services via DNS lookup. Which SRV records must be configured in the public DNS to allow Service Discovery?
A. _collab-edge._tls.example.com
B. _cisco-uds_tcp.expe.example.com
C. _cisco-uds_tcp.example.com
D. _collab-edge_tls.expe.example.com
A
113
How is the communication routed in a Hybrid deployment so that people on Cisco Cloud-Based IM are able to communicate with Cisco Jabber users in the on-premises environment?
A. The Expressway-C enables a connection directly with the Cisco Webex Cloud to enable the hybrid service and allow the two services to communicate.
B. The Expressway-E located in the DMZ establishes a connection with the Cisco Webex Cloud to enable the hybrid service and allow the two services to communicate.
C. The Cisco Unified IM and Presence server establishes a connection using the outgoing path through the Cisco Expressways that terminates in the Cisco Webex Cloud to create the hybrid environment that links the two services together.
D. The Cisco UC server establishes a connection using the outgoing path through the Cisco Expressways that terminates in the Cisco Webex Cloud to create the hybrid environment that links the two services together.
A
Exp-C connector server used for hybrid deployments
114
An engineer learns from an end user that calls from outside the company are not being received. Calls are being made to other businesses outside of the company on video using URL addresses. The change management log shows no changes in the configuration of the collaboration solutions. The engineer examines the endpoint, which seems to be registered to the Cisco UCM, and the SIP trunk between the Cisco UCM and sees that the Expressway is also up. In addition, the traversal link shows no errors between the Expressways. Which action must the engineer take to troubleshoot this issue?
A. On the Cisco UCM, run the Real-Time Monitoring Tool to see if any incoming calls fail.
B. On the Expressway-E, run diagnostic logging under maintenance to see if any requests reach the system.
C. On the Expressway-E, check the NTP settings to ensure that TLS will be able to terminate. If the clock is out of sync, incoming calls from other working systems would work bur not outgoing calls from the company.
D. On the Expressway-C, run a network log under administrative tools to see if any requests reach the system.
B
115
Which protocol and port are used for signaling between on-premises Cisco Webex Video Mesh Nodes and Cloud Media Services?
A. standard SIP over TCP port 5060
B. signaling over HTTPS TCP port 443
C. standard SIP TLS over TCP port 5061
D. signaling over TCP port 444
D
Traffic Signatures for Cascade Signaling to the Webex Cloud Media Services
Source - Video Mesh Node
Destination - Webex Cloud Media Services
Source Address - ANY
Source Port - ANY
Protocol - TCP
Destination Address - ANY
Destination Port - 444
116
An engineer is supporting an existing Cisco Collaboration deployment that has internal and external home users using the solution without VPN. Business usage also includes B2B calling for voice and video. Suddenly the engineer receives a report that one of the home office users cannot use the Cisco Jabber client, and shortly after, a few more reports come in for the same error. What must the engineer check first to resolve this issue?
A. client logs of the users
B. real-time monitoring toll logs for problems
C. alarms on the Cisco Expressways
D. alarms on the Cisco UCM Cluster
C
117
Which interworking option must be used on the Expressway for it to act as a SIP/H.323 gateway when no endpoint is registered?
A. enabled
B. registered only
C. off
D. on
D
Tough one. The question asks "for it to act as a SIP/H.323 gateway when no endpoint is registered", not the recommended option.
The options for the H.323 <-> SIP interworking mode are:
-Off: The Expressway does not act as a SIP–H.323 gateway.
-Registered only: The Expressway acts as a SIP–H.323 gateway but only if at least one of the endpoints is locally registered.
-On: The Expressway acts as a SIP–H.323 gateway regardless of whether the endpoints are locally registered.
118
Refer to the exhibit. An administrator troubleshoots Cisco Jabber users experiencing issues when trying to log in and notices errors in the Jabber problem report log. The administrator also sees that the Intercluster Sync Agent service is not running on the IMM and Presence server. Why is the Jabber client unable to sign in?
A. The XmppSDK.dl file is missing from the IM and Presence server
B. The XMPP stanza is not using the correct ID for the Jabber client.
C. The XMPP bind failed on the IM and Presence server
D. The Jabber client refused the XMPP bind connection.
C
Jabber Cannot Sign In Due to XMPP Bind Failure
The Jabber client may be unable to sign in ("Cannot communicate with the server” error messages) due to XMPP bind failures.
This will be indicated by resource bind errors in the Jabber client logs, for example:
XmppSDK.dll #0, 201, Recv:
119
An administrator configures a secure SIP trunk in Cisco UCM to Expressway-C. The SIP trunk fails to become active, and an examination of a packet capture finds that the TLS handshake failed with a “Certificate Unknown” error from Cisco UCM. To allow the Cisco UCM to trust the Expressway-C and establish a TLS connection, the administrator will upload the Expressway server certificate to the trust store. To which trust store must the certificate be uploaded?
A. tomcat-trust
B. CallManager-trust
C. TVS-trust
D. ipsec-trust
A
Tomcat-Trust = tls verify
callmanager-trust = secure device registration
In the question it's talking about the initial SIP Trunk standup, not device registration. So i'd lean toward Tomcat-trust A.
120
An administrator is enabling Mobile and Remote Access login for the Cisco UCM registration domain cisco.com. Phones are registered with a Cisco UCM phone security profile name of securephone.cisco.com. Which two subject alternative names must be configured? (Choose two.)
A. Securephone.cisco.com on the CallManager certificate
B. cisco.com on the Expressway-C certificate
C. Securephone.cisco.com on the Expressway-E certificate
D. cisco.com on the Expressway-E certificate
E. Securephone.cisco.com on the Expressway-C certificate
DE
121
Cisco Expressways are being deployed for Mobile and Remote Access. The Expressway-E internal interface (LAN1) IP is 192.168.100.10/24, and the external interface (LAN2) IP is 172.16.100.10/24.
The Expressway-C IP is 192.168.20.10/24. The default gateway for each subnet is the first useable address. How must the Expressway-E be configured to allow proper routing to the internal and external networks?
A. IPv4 gateway: 172.16.100.1, and a static route for the 192.168.100.0/24 subnet using LAN1
B. IPv4 gateway: 192.168.100.1, and a static route for the 192.168.20.0/24 subnet using LAN1
C. IPv4 gateway: 192.168.100.1, and a static route for the 172.16.100.0/24 subnet using LAN2
D. IP v4 gateway: 172.16.100.1, and a static route for the 192.168.20.0/24 subnet using LAN1
D
122
An administrator installs a new webserver (server1.example.com – 10.1.1.90) for storing Cisco Jabber update files to the network, but all Mobile and Remote Access registered clients still run the old Jabber software version, and the update fails. Which configuration task on an Expressway server solves the Jabber software update issue?
A. Add a rule with the URL http://server1.example.com:80/ to the outbound HTTP allow list manually to allow pushing the new software to the clients.
B. Add a rule with the URL http://server1.example.com:80/ to the inbound HTTP allow list manually to allow access to the new web server.
C. Add a rule with the server IP address 10.1.1.90 in the URL to the inbound HTTP allow list because server names and FQDNs are not supported.
D. Run an IM and Presence server discovery process on Expressway-C to add the new web server to the inbound HTTP allow list automatically.
B
123
What is the first step to restoring an Expressway cluster from a backup?
A. use the backup that is specific to each Expressway peer in the cluster
B. upgrade each Expressway peer to the latest Expressway software
C. remove each Expressway peer from the cluster
D. add all the Expressway peers to the cluster
C
124
An engineer must configure Mobile and Remote Access. One of the requirements is to expect Cisco Jabber users to enter username@cisco.com as the login userid. Which DNS record must the engineer modify to start implementing this requirement?
A. _cuplogin._tcp.cisco.com
B. _collab-edge._tls.cisco.com
C. _cisco-uds._tls.cisco.com
D. _cisco-uds._tcp.cisco.com
B
125
Refer to the exhibit. When Expressway-E routes a call with URI 4040@uclab.local to a DNS zone, which DNS server does the Expressway query for the SIP SRV records?
A. 10.20.20.20
B. 10.10.10.10
C. 10.40.40.40
D. 10.30.30.30
A
126
An administrator is configuring a new Cisco Webex Hybrid Message Service deployment, and the Expressway-C Message Connector is successfully registered in the Control Hub. After the server information of the IM and Presence server is added to the Expressway-C, an error “Connectivity to IM and Presence AXL Service could not be established” is displayed in the Control Hub. The Cisco AXL Web Service is enabled on the IM and Presence Service publisher, and the main administrator account enabled for AXL API permission is being used. Which configuration change must be made to resolve this error?
A. Enable the Cisco AXL Web Service on the Control Hub
B. Enable the Cisco AXL Web Service on the Expressway-C Message Connector
C. Enable an End User account for AXL.API permissions on the IM and Presence Service publisher
D. Enable a second administrator account for AXL API permissions on the IM and Presence Service publisher
D
Configure an account for Message Connector to access the AXL API of the Cisco Unified Communications Manager IM and Presence Service. You must use an independent administrator account, not the main administrator account.
127
An employee has recently left an organization and a manager suspects that this employee may have made changes to the system that no one is aware of. Mobile and Remote Access registration is not working. Internal communications appear to be working, but no external system is able to register or call anywhere. While investigating this problem, it is discovered that no internal systems are able to call externally either. What is the TraversalZone missing that is causing this issue?
A. SIP trunk to the DefaultZone
B. route pattern to the DefaultZone
C. link to the DefaultZone
D. pipe to the DefaultZone
C
Links connect local subzones with other subzones and zones. For a call to take place, the endpoints involved must each reside in subzones or zones that have a link between them.
128
Drag And Drop
Answer
The following table shows which CSR alternative name elements apply to which Unified Communications features:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X14-0/cert_creation_use/exwy_b_cisco-expressway-certificate-creation-and-use-deployment-guide-x14-0/exwy_b_certificate-creation-use-deployment-guide_chapter_011.html
129
Refer to the exhibit. A Cisco Webex device on an enterprise network has identified the given STUN round-trip delays in milliseconds to the enterprise Video Mesh clusters and two Webex Cloud Media clusters during the call setup. Which correct sequence of clusters is the client connecting to?
A. US West Coast WCMC. If US West Cost WCMC is full, then Europe WCMC because clients select clusters in the order of SRT delays.
B. DC Europe. If DC Europe is full, DC APAC because clients select on-premises clusters in the order of SRT delays before using cloud resources,
C. DC Europe. If DC Europe is full, US West Coast WCMC because clients select resources in the order of SRT delays but ignore SRTs greater than 250 ms
D. US West Coast WCMC. Clients continuously monitor DC US cluster and reconnect when DC US are available to save bandwidth.
C
Local reachable Video Mesh resources are tried first, in order of lowest SRT delay. When all local resources are exhausted, the participant connects to the cloud.
While the preference for node selection is your locally deployed Video Mesh nodes, we support a scenario where, if the STUN round-trip (SRT) delay to an on-premises Video Mesh cluster exceeds the tolerable round-trip delay of 250 ms (which usually happens if the on-premises cluster is configured in a different continent), then the system selects the closest cloud media node in that geography instead of a Video Mesh node.
130
An engineer is deploying Mobile and Remote Access to allow external Cisco Jabber users to sign into a Cisco UCM cluster via Cisco Expressways. The users will sign-in in the format username@cisco.com. Contact photos for Jabber are hosted on a webserver with the FQDN of phonebook cisco.com. Which configuration must be completed to allow external Jabber users to see contact photos?
A. An HTTP allow list entry must be made on the Expressway-E for phonebook cisco.com.
B. A SIP allow list entry must be made on the Expressway-E for .*@cisco.com.
C. An HTTP allow list entry must be made on the Expressway-C for phonebook cisco.com.
D. A SIP allow list entry must be made on the Expressway-C for .*@cisco.com.
C
131
Drag and drop the services from the left onto their descriptions on the right. Some services are used more than once.
132
An engineer must configure the zone to connect to an Expressway-E using Single NIC with NAT. The internal IP address is 192.168.10.63, and the NAT address is 203.0.113.5. What must the engineer configure on the Expressway-C to meet this requirement?
A. traversal zone with the peer address 192.168.10.63
B. neighbor zone with the peer address 192.168.10.63
C. traversal zone with the peer address of 203.0.113.5
D. neighbor zone with the peer address of 203.0.113.5
C
Note - You must enter the FQDN of the Expressway-E, as it is seen from outside the network, as the peer address on the Expressway-C's secure traversal zone. The reason for this is that in static NAT mode, the Expressway-E requests that incoming signaling and media traffic should be sent to its external FQDN, rather than its private name.
This also means that the external firewall must allow traffic from the Expressway-C to the Expressway-E's external FQDN. This is known as NAT reflection, and may not be supported by all types of firewalls.
This deployment consists of the following elements:
* Single subnet DMZ (10.0.10.0/24) with the following interfaces:
* Internal interface of firewall A – 10.0.10.1 (192.168.10.63)
* External interface of firewall B – 10.0.10.2
* LAN1 interface of Expressway-E – 10.0.10.3
* LAN subnet (10.0.30.0/24) with the following interfaces:
* Internal interface of firewall B – 10.0.30.1
* LAN1 interface of Expressway-C – 10.0.30.2
* Network interface of Cisco TMS – 10.0.30.3
A static 1:1 NAT has been configured on firewall A, NATing the public address 64.100.0.10 to the LAN1 address of the Expressway-E. Static NAT mode is enabled for LAN1 on the Expressway-E, with a static NAT address of 64.100.0.10 (203.0.113.5)
133
Cisco Collaboration deployment has video endpoints that can do B2B calls over the internet, but they also can make audio calls through a gateway. This ability means that someone from the internet can make fraud calls through the system. Which action must an engineer take to set up the search rules for calls that are being headed to the PSTN gateway?
A. Ensure that only requests that are authenticated are allowed to make a PSTN call.
B. Avoid using any wild card in the source settings in the search rules.
C. Add registered devices only in the search rule for the PSTN gateway.
D. Add registered devices only in the zone for the PSTN gateway.
B
-You need Cisco Expressway version X12.5.7 or later.
-You should have knowledge of the North American Numbering Plan (NANP).
-From X12.5.7, the usual requirement to have at least one RMS license installed before
a call can be placed does not apply to direct 911 calls.
-To minimize toll fraud risks, avoid using the "Any" wild card for the Source setting.
-The PSTN gateway also needs to be configured to route 911 calls without a prefix.
-For deployments that are geographically spread with the gateway in a different location
from the endpoints, keep in mind the practical routing requirements for 911 calls and
the possibility that callers may be connected to an emergency agent in a different place
from their own location.
134
Which commands disable SIP Inspection on the Cisco ASA FirePOWER firewall?
A. hostname#no inspect sip
B. hostname(config)#policy-map global_policy
hostname(config-pmap)#class-map inspection default
hostname(config-pmap)#no inspect_sip
C. hostname(config)#no inspect_sip
D. hostname(config)#policy-map global_policy
hostname(config-pmap)#class-map inspection_default
hostname(config-pmap)#no inspect sip
D
135
Which dial plan settings can be used to set up different regulations according to the protocol (SIP or H.323) or the source of the query?
A. presearch transforms
B. search rules
C. call policy
D. policy services
B
136
When external video endpoints are called via a DNS zone, which dialing method requires DNS to be configured in the Expressway server?
A. IP dialing
B. URI dialing
C. DN dialing
D. E.164
B
137
A company has a single Expressway-E that exhibits high resource utilization. An engineer checks the logs and finds numerous fraudulent attempts from sip:200@cisco.com. Where must the engineer go to configure a call policy rule and block the desired URI?
A. Call History Configuration > Call Policy > Rules
B. Configuration > Call History > Policy > Rules
C. Configuration > Call Policy > Rules
D. Configuration > Policy > Inbound > Rules
C
138
How do the Cisco Expressway-C and Expressway-E servers transmit media to each other?
A. RTP and RTCP are multiplexed for all internal and external video endpoints across the traversal link using UDP.
B. When the Expressway-C receives RTP and RTCP media, it establishes a new UDP socket with the Expressway-E.
C. RTP and RTCP are multiplexed for all internal and external video endpoints across the traversal link using TLS.
D. When the Expressway-E receives RTP and RTCP media, it establishes a new UDP socket with the Expressway-C.
B
139
An engineer must enable the communication between two separate Expressway-C servers to allow inbound and outbound calling between different endpoints registered on each server. Which configuration must happen?
A. Configure a traversal zone on each server with a destination of the other Expressway-C.
B. Configure a neighbor zone on each server with a destination of the other Expressway-C.
C. Configure a transform on each server to strip the port numbers at the end of the alias.
D. Configure a transform on each server to convert the calling alias into the called alias.
C
140
A video device registered with Cisco UCM failed to make an outbound B2B call. From Expressway-C diagnostic logs, an engineer found that the destination pattern is “john@example.com:5061”, and the call was dropped with a 404 response code from Expressway-C. The search rule intended for this call-in Expressway-C is configured for Alias Pattern Match, Pattern type “Suffix,” and Pattern “example.com”. How must the configuration be changed to allow the call?
A. Update the route pattern in Cisco UCM to send calls to “example.com” to the correct port.
B. Create a transform on Expressway-C to strip port numbers.
C. Create a call policy rule on Expressway-E to allow calls to port 5061.
D. Update the call policy list in Expressway-C to allow calls to “example.com”.
B
141
Which type of interface is required when the Cisco Expressway-E is located in a DMZ between two separate firewalls on separate network segments?
A. dual network interface
B. application programming interface
C. command line interface
D. single network interface
A
When the Cisco Expressway-E is located in a DMZ between two separate firewalls on separate network segments, you need to use a dual-NIC Expressway-E with the Advanced Networking option key enabled. This will allow you to configure two network interfaces on the Expressway-E, one for each network segment. You can then configure the Expressway-E to act as a proxy server between the two networks, allowing calls to pass between the internal and external firewalls that make up your DMZ.
The following steps are required to configure a dual-NIC Expressway-E with the Advanced Networking option key enabled:
Install the Expressway-E software on the device.
Connect the Expressway-E to the two network segments using two separate network cables.
Log in to the Expressway-E web interface.
Go to the System > Network page.
Click the Add Interface button.
Select the Dual NIC option.
Enter the IP address, subnet mask, and gateway for each network interface.
Click the Save button.
142
What is a description of an Interactive Connectivity Establishment?
A. It is used by B2BUA to keep the firewall ports opened for inbound/outbound calls.
B. It allows Mobile and Remote Access endpoints to connect video calls signaling peer-to-peer.
C. It allows calling external endpoints with reduced overhead under VPN connections.
D. It is used to find the best media path between network elements in traversal calls.
D
The answer is D. Interactive Connectivity Establishment (ICE) is a protocol used to find the best media path between network elements in traversal calls. It does this by first discovering all possible paths between the two endpoints, and then selecting the path with the lowest latency and jitter. ICE is used by many different applications, including WebRTC, SIP, and H.323.
Here are the other options and why they are incorrect:
A. B2BUA stands for "Back-to-Back User Agent". It is a type of SIP proxy that sits between two endpoints and relays messages between them. B2BUAs are often used to keep firewall ports opened for inbound/outbound calls, but they do not use ICE to do this.
B. Mobile and Remote Access endpoints can connect video calls signaling peer-to-peer using a variety of protocols, including ICE. However, ICE is not the only protocol that can be used for this purpose.
C. Calling external endpoints with reduced overhead under VPN connections can be done using a variety of methods, including ICE. However, ICE is not the only method that can be used for this purpose.
143
An administrator must configure the DNS SRV records for Mobile and Remote Access for a company with the domain example.com, the Expressway-E FQDN is ExpE.example.com, and the Expressway-C FQDN is Exp-C.example.com. What must the administrator configure to allow external clients to discover the Expressway-E server?
A. SRV record _collab-edge._tls.example.com that resolves to ExpE.example.com on port 8443
B. SRV record _cisco-uds._tcp.example.com that resolves to ExpE.example.com on port 5061
C. SRV record _cisco-uds._tcp.example.com that resolves to ExpC.example.com on port 8443
D. SRV record _collab-edge._tls.example.com that resolves ta ExpE.example.com on port 5061
A
144
Within which cache timeline do the Webex App endpoints perform a STUN test to calculate round-trip delay time to available media node clusters?
A. 1 hour
B. 2 hours
C. 4 hours
D. 6 hours
C
The answer is C. 4 hours.
Webex App endpoints perform a STUN test to calculate round-trip delay time to available media node clusters every 4 hours. This ensures that the endpoints are always using the best possible media node cluster for their connection.
A STUN test is a simple way to measure the round-trip delay time between two endpoints. It works by sending a message from one endpoint to the other and then measuring the time it takes for the message to return. This information can then be used to calculate the round-trip delay time between the two endpoints.
The round-trip delay time is an important factor in determining the quality of a media connection. A high round-trip delay time can cause audio and video to be choppy and out of sync. By performing a STUN test every 4 hours, Webex App endpoints can ensure that they are always using the best possible media node cluster for their connection. This helps to improve the quality of the media connection and the overall user experience.
145
A company has an on-premises Cisco collaboration cluster that contains Cisco UCM, IM and Presence, and Cisco Webex in the cloud. The company wants to integrate the on-premises infrastructure with Webex to enable interoperability with the Webex App. An engineer already configured the cluster in Cisco UCM, IM and Presence, and the organization in the Webex Control Hub. Which action must the engineer take to complete the configuration?
A. Deploy Directory Connector.
B. Open the TCP 443 port from IM and Presence to Webex Cloud.
C. Deploy a Webex Device Connector.
D. Deploy a Cisco Expressway Message Connector host.
D
The correct answer is D. Deploy a Cisco Expressway Message Connector host.
146
Which action is required when using Cisco Jabber for Cloud with Cisco Webex Messenger?
A. Configure, extend, and connect.
B. Configure policies.
C. Configure service discovery for remote access.
D. Configure desk phone control.
C
147
During the deployment of a Cisco Webex Video Mesh, where do on-premises SIP endpoints send signaling?
A. On-premises endpoints cannot participate in Cisco Webex Video Mesh
B. to the cloud
C. to the switching services
D. to the call control environment (Unified CM or Expressway)
D
