Cisco 300-820 Flashcards
Which complication does a NAT introduce in SDP for a SIP call?
A. Additional headers due to NAT encapsulation can cause the packet size to exceed the MTU.
B. When the client is behind a NAT they may be unable to determine the appropriate offset due to time zones.
C. The IP address specified in the connection data field may be an unrouteable internal address.
D. The encryption keys advertised in the SDP are only valid for clients not behind a NAT.
C
(https://www.examtopics.com/exams/cisco/300-820/view/)
A company already has a Cisco Unified Communications Manager for internal audio and video traffic, but it requires video communication with external partners and customers. It is important to ensure security for the deployment and the connectivity.
What must be set up to enable this requirement?
A. Cisco Unified Border Element and Cisco ASA Firewall B. Cisco Unified Border Element and Cisco Firepower Firewall C. Cisco Expressway-C and Cisco Expressway-E D. Cisco Expressway-C and Cisco Unified Border Element
C
When an Expressway-E is configured for static NAT, which Session Description Protocol attribute is modified to reflect the NAT address?
A. SDP b-line B. SIP record route C. SDP c-line D. SDP m-line
C
A company is installing Cisco Collaboration infrastructure and one of the requirements is that they must be able to communicate with many external parties that are using H.323 and SIP. Internally they want to register the endpoints only on SIP.
Which functionality would describe the feature that needs to be enabled and where to achieve this?
A. Interworking in Expressway-C B. Transcoding in Cisco Unified Communications Manager C. Transcoding in Expressway-C D. Interworking in Cisco Unified Communications Manager
A
What is a key configuration requirement for Hybrid Message Service High Availability deployment with multiple IM and Presence clusters?
A. You must have the Intercluster Sync Agent working across your IM and Presence clusters. B. You must have the Intercluster Lookup Service working across all of your IM and Presence clusters. C. Your IM and Presence Service clusters must have Multiple Device Messaging disabled. D. AXL service should be activated only on the publisher of each IM and Presence cluster.
A
The Cisco Sync Agent must be running on the database publisher node of each intercluster peer on the local and remote IM and Presence database publisher nodes
Cisco Collaboration endpoints are exchanging encrypted signaling messages.
What is one major complication in implementing NAT ALG for voice and video devices?
A. Internal endpoints cannot use addresses from the private address space. B. The NAT ALG cannot inspect the contents of encrypted signaling messages. C. NAT ALG introduces jitter in the voice path. D. Source addresses cannot provide the destination addresses that remote endpoints should use for return packets.
B
The NAT ALG cannot inspect the contents of encrypted signaling message - https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab11/collab11/security.html
What are two reasons why port 8443 is unreachable from the Internet to the Expressway-E? (Choose two.)
A. The MRA license is missing on the Expressway-E. B. The Unified Communications zone is down. C. Transform is not configured on Expressway-E. D. The SRV record for _cisco-uds is misconfigured. E. The firewall is blocking the port.
D E
Which media encryption mode can be configured on an Expressway zone?
A. Advanced Encryption Standard
B. IPsec
C. Triple Data Encryption Standard
D. force unencrypted
D
The encryption mode options are:
Force encrypted: All media to and from the zone/subzone must be encrypted. If the target system/endpoint is configured to not use encryption, then the call will be dropped.
Force unencrypted: All media must be unencrypted. If the target system/endpoint is configured to use encryption, then the call may be dropped; if it is configured to use Best effort then the call will fall back to unencrypted media.
Best effort: Use encryption if available, otherwise fall back to unencrypted media.
Auto: No specific media encryption policy is applied by the Expressway. Media encryption is purely dependent on the target system/endpoint requests. This is the default behavior and is equivalent to how the Expressway operated before this feature was introduced.
What is the purpose of a transform in the Expressway server?
A. A transform has the function as a neighbor zone in the Expressway. It creates a connection with another server. B. A transform changes the audio codec when the call goes through the Expressway. C. A transform is used to route calls to a destination. D. A transform changes an alias that matches certain criteria into another alias.
D
An organization with a domain name of example.com.
Which two SRV records are valid for a SIP and H.323 communication? (Choose two.)
A. _sips._tcp.example.com B. _sips._udp.example.com C. _h323ls._udp.example com D. _h323ls._tcp.example.com E. _collab-edge._tls.example.com
A C
What is the Cisco-recommended key length in bits for a Cisco Expressway certificate?
A. 1024 B. 2048 C. 4096 D. 8192
C
SIP TLS zones may fail to become active if certificates use a key length of 8192 bits. We recommend using certificates with a key length of 4096 bits.
(\d{3})(\d{3})(\d{3})(\d{3})
Refer to the exhibit. Which two numbers match the regular expression? (Choose two.)
A. d20d16d20d22 B. 2091652010224 C. 209165200225 D. d209d165d200d224 E. 209165200224
C E
A company has enabled ICE to optimize call flows and improve video quality between their Cisco Collaboration endpoints internally and externally.
For which reason would you see activity on the TURN server when a call is established between two external endpoints?
A. The video call is using encryption, which is not supported by ICE with CUCM 12.5 B. ICE cannot reduce the packet loss on the link C. A STUN cannot punch holes in the firewall D. The video call is using 4K resolution, which is not supported by ICE with CUCM 12.5
C
The answer is C “Those addresses (A, B, and C) populate the SIP SDP offer and answer as ICE candidates, and after the signaling has gone through, both endpoints will have the remote party ICE candidate addresses. It is at that point that the endpoints do a connectivity check by sending STUN messages to one another in an attempt to punch transport holes in the firewalls in order to establish media connectivity between peers.”
Which role does Call Policy play when preventing toll fraud on Expressways?
A. It controls which calls are allowed, which calls are rejected, and which calls are redirected to a different destination. B. It changes the calling and called number on a call. C. It changes the audio protocol used by a call through Expressways. D. It changes the audio codec used in a call through Expressways.
A
You can set up rules to control which calls are allowed, which calls are rejected, and which calls are to be redirected to a different destination. These rules are known as Call Policy (or Administrator Policy).
If Call Policy is enabled and has been configured, each time a call is made the Expressway will execute the policy in order to decide, based on the source and destination of the call, whether to:
* Proxy the call to its original destination.
* Redirect the call to a different destination or set of destinations.
* Reject the call.
What happens to the encrypted signaling traffic of a collaboration device if you place it inside a firewall with private IP addresses and try to make a call over IP without any collaboration infrastructure?
A. The signaling makes it back to the endpoint because the firewall is an application layer gateway and provides address translation. B. Encrypted IP traffic for collaboration devices always is trusted by the firewall. C. The signaling does not make it back to the endpoint because the firewall cannot inspect encrypted traffic. D. The signaling makes it back to the endpoint because the endpoint sent the private address to the external endpoint.
C
Which statement about scheduling Expressway backups is true?
A. It is not supported on the application. B. It is allowed from the application CLI of the Expressway only. C. It is allowed from the application CLI and GUI of the Expressway. D. It is allowed from the application GUI of the Expressway only.
A
Between which two DTMF relay methods does the Expressway support interworking? (Choose two.)
A. unsolicited notify B. RFC 2833 C. KPML D. passthrough E. H.245 user input indication
B E
When the Expressway is interworking a call between SIP and H.323, it also interworks the DTMF signaling, but only between RFC 2833 DTMF, and the H.245 user input indicators “dtmf” and “basicString”.
What allows endpoints behind a NAT to discover the paths through which they will pass media?
A. RTP B. TLS C. SNMP D. ICE
D
https://www.cisco.com/c/en/us/td/docs/solutions/PA/ICE/icepa125.html
Which two types of information does Cisco Expressway back up? (Choose two.)
A. call records B. log files C. IP addresses D. current call states E. security certificates
C E
Which connection does the traversal zone configuration define?
A. Expressway-E and Collaboration Endpoints B. Cisco UCS E-Series and Cisco UCM C. Cisco UC and Cisco Unified Presence Server D. Cisco Expressway-C and Cisco Expressway-E platforms
D
Which protocol should be used to verify the connectivity for different media paths found during a call using ICE?
A. STUN B. RTP C. SNMP D. TURN
A
Which SIP media encryption mode is applied by default for newly created zones in the Cisco Expressway?
A. Off B. Best Effort C. Auto D. Force Encrypted
C
Answer C: Auto - no specific media encryption policy is applied by the Expressway. Media encryption is purely dependent on the target system/endpoint requests. This is the default behavior and is equivalent to how the Expressway operated before this feature was introduced
Cisco media traversal technology has enabled a secure environment where internal video endpoints call and receive calls from external video endpoints. How does the Expressway-C and Expressway-E communicate?
A. Expressway-C establishes an outgoing request to Expressway-E, enabling the Expressway-E in the DMZ to notify the internal Expressway-C of an incoming call from an external endpoint. B. Internal endpoints are registered to Expressway-E in the DMZ. Expressway-C, which is also in the DMZ, will receive and make calls on behalf of Expressway- E because they are in the same network. C. Expressway-E establishes an outgoing request to Expressway-C, enabling the Expressway-C in the DMZ to notify the internal Expressway-E of an incoming call from an external endpoint. D. Internal endpoints are registered to Expressway-C in the DMZ. Expressway-E, which is also in the DMZ, will receive and make calls on behalf of Expressway- C because they are in the same network.
A
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/exwy_b_mra-expressway-deployment-guide/exwy_b_mra- expressway-deployment-guide_chapter_00.html
Which dial plan component is configured in Expressway-C to route a call to the Cisco UCM?
A. call routing B. traversal subzone C. call policy D. search rule
D
Which attribute in the SDP for a call is affected by the static NAT address configuration in an Expressway-E?
A. connection
B. name
C. version
D. bandwidth
A
Which describes what could done on the Expressway-E to successfully route calls from Expressway-C on the internal network to the Internet?
A. Application layer gateway could be enabled to bridge the media traffic.
B. A static NAT route could be added to the firewall to bridge the two networks.
C. The Expressway-E could be enabled for Dual-NIC capability.
D. The Expressway-E could be enabled for interworking.
C
Enter Exibit
What is the result of a transformation applied to alias 88514?
A. 98851@ccnpcollab.com
B. 88513@ccnpcollab com
C. 88514@ccnpcollab.com
D. 88515@ccnpcollab.com
C
When configuring a Cisco Expressway solution and need to design the dial plan with various rules for URIs and numbers coming through the device. To do so, it is important that some dial plan rules are applied in a certain order. When configuring the transform section, you must know the range of the priorities.
Which range is correct?
A. any number in the drop-down menu
B. any number in the dialog box
C. any number between 1-128
D. any number between 1-65534
D
Which zone is required on a B2B deployment between Expressway-C and Expressway-E?
A. traversal zone
B. DNS zone
C. default zone
D. neighbor zone
A
Which mode should be used when Call Policy is configured on Expressways?
A. extended CPL
B. local CPL, policy service, and off
C. on
D. remote CPL
B
When designing the call control on a Cisco Expressway Core, which is the sequence of dial plan
functions?
A. transforms, CPL, user policy, search rules
B. search rules, zones, local zones
C. DNS zone, local zone, search rules
D. search rules, transforms
A
Which two items are configured when deploying a B2B collaboration solution? (Choose two.)
A. SIP trunk between Cisco Unified Communications Manager and Cisco Expressway-C
B. search rules in Cisco Expressway-E
C. SIP trunk between Cisco Unified Communications Manager and Cisco Expressway-E
D. traversal client on a Cisco Expressway-E
E. DNS zone on a Cisco Expressway-C
AB
Which step is taken when configuring a Cisco Expressway solution?
A. Configure the Expressway-E by using a non-traversal server zone.
B. Enable static NAT on the Expressway-E only.
C. Disable H.323 mode on the Expressway-E.
D. Enable H.323 H.460.19 demultiplexing mode on the Expressway-C.
B
The Expressway-E has both NICs enabled, and static NAT enabled on its outward-facing LAN interface. The Expressway-C inside the network is a traversal client of the Expressway-E in the DMZ.
Refer to Exibit
When configuring a search rule that routes calls to a zone, what occurs when 13358 is dialed?
A. 13358 is replaced by 135, and then is sent to the local zone.
B. 13358 is replaced by 135 and remains in the same zone.
C. 13358 is replaced by 135, and then is sent to the traversal zone.
D. 13358 is sent directly to the traversal zone.
D
Based on Website (https://www.regextester.com/10544) there are a few options which meets this Regex:
135, 1335, 13335, 1333335
1135, 11335, 113335, 11333335
no match for 13358: D is correct
Refer to the exhibit. :
Refer to the exhibit. Which description of the transformation is true?
A. It converts 4123@exp-name.exp.domain:<port> to 4123@exp.domain</port>
B. It changes all patterns that begin with 4123@exp-name.exp.domain:<port> to 1@exp.domain</port>
C. It changes 413@exp-name.exp.domain:<port> to 413@exp.domain</port>
D. It converts 4.3@exp-name.exp.domain:<port> to 1@exp.domain</port>
A
4\d{3})@exp-name.exp.domain(:.*)
(4\d{3}) = 4123 Matches
End:4123@exp.domain
Refer to the exhibit. In an environment SIP devices are registered to CUCM and H.323 devices to VCS.
What would be required to enable these calls to setup correctly?
A. Create a presearch transform.
B. Change the domain of SIP endpoint A to cisco.com.
C. Disable SIP in the external zone.
D. Change the interworking mode to On.
D
Which step is required when configuring cloud and hybrid deployments for Cisco Jabber?
A. Add the Jabber user to Cisco Unity Connection.
B. Add the Jabber user to Expressway-E.
C. Add the Jabber user to Expressway-C.
D. Add Jabber Users to the Cisco Webex Administration Tool.
D
Which two licenses are required for the B2B feature to work? (Choose two.)
A. Traversal Server
B. TURN Relays
C. Rich Media Sessions
D. Advanced Networking
E. Device Provisioning
AC
- Rich Media Sessions: Determines the number of non-Unified Communications calls allowed on the Expressway (or Expressway cluster) at any one time. See the Call Types and Licensing section for more information.
- Traversal Server: Enables the Expressway to work as a firewall traversal server.
An Expressway-E is configured using a single NIC with NAT.
How must the Expressway-C traversal client zone be configured to connect to the Expressway-E?
A. TLS verify must be enabled.
B. The zone profile must be set to default.
C. The peer address must be the Expressway-E NAT address.
D. The peer address must be the Expressway-E LAN 1 IP address.
C
You must enter the FQDN of the Expressway-E, as it is seen from outside the network, as the peer address on the Expressway-C’s secure traversal zone.
Refer to Exibit
An ISDN gateway is registered to Expressway-C with a prefix of 9 and/or it has a neighbor zone specified that routes calls starting with a 9.
Which value should be entered into the “Source” field to prevent toll fraud regardless at origin of the call?
A. Traversal Zone
B. Any
C. Neighbor Zone
D. All
B
No as possible choices at Expressway are:
Any: locally registered devices, neighbor or traversal zones, and any non-registered devices.
All zones: locally registered devices plus neighbor or traversal zones.
Local Zone: locally registered devices only.
Named: a specific zone or subzone.
Refer to the exhibit.
An Expressway-C and Expressway-E are configured for B2B calling and the Expressway-E zone is set to TLS Verify Currently, calls do not reach the Expressway-C. The Traversal Client zone on the Expressway-C for B2B reports the information in the exhibit for the Peer 1 address.
Which action resolves this error?
A. Configure the Expressway-C Traversal Client zone Peer 1 address with the fully qualified domain name
of the Expressway-E.
B. Configure the Expressway-C Traversal Client zone transport protocol with TCP.
C. Add a server certificate to the Expressway-C that is signed by a certificate authority.
D. Add an intermediate certificate to the Expressway-C that is signed by a certificate authority
C
Refer to the exhibit.
Which inbound connection should an administrator configure on the outside firewall?
A. Media: UDP 36000 to 36011
B. XMPP: TCP 5222
C. SIP: TCP 5061
D. HTTPS (tunneled over SSH between C and E): TCP 2222
B
SIP UDP: 5060
SIP TCP: 5060
SIP TLS: 5061
XMPP TCP: 5222
RTP/RTCP: 36000-59999
How does an administrator configure an Expressway to make sure an external caller cannot reach a
specific internal address?
A. block the call with a call policy rule in the Expressway-E
B. add the specific URI in the firewall section of the Expressway and block it
C. configure FAC for the destination alias on the Expressway
D. add a search rule route all calls to the Cisco UCM
A
An engineer wants to configure a zone on the Expressway-E to receive communications from the Expressway-C in order to allow inbound and outbound calls.
How is the peer address configured on the Expressway-C when Expressway-E has only one NIC enabled and is using static NAT mode?
A. Expressway-E DHCP
B. Cisco UCM FQDN
C. Cisco UCM DHCP
D. Expressway-E FQDN
D
“You must enter the FQDN of the Expressway-E, as it is seen from outside the network, as the peer address on the
Expressway-C’s secure traversal zone. The reason for this is that in static NAT mode, the Expressway-E requests that
incoming signaling and media traffic should be sent to its external FQDN, rather than its private name.”
Refer to the exhibit.
Which two outbound connections should an administrator configure on the internal firewall? (Choose two.)
A. XMPP: TCP 7400
B. SIP: TCP 7001
C. SIP TCP 5061
D. Media: UDP 36012 to 59999
E. HTTPS: TCP 8443
AB
The internal firewall must allow the following outbound connections from the Expressway-C to the Expressway-E:
SIP: TCP 7001
Traversal media: UDP 2776 to 2777 (or 36000 to 36011 for large
VM/appliance)
XMPP: TCP 7400
HTTPS (tunneled over SSH between C and E): TCP 2222
Source: Official Cert Guide
Refer to the exhibit.
Refer to the exhibit. The firewall has been configured from NAT 192.168.108.2 to 100.64.0.1. Which configuration changes are needed for an Expressway-E with dual network interfaces?
A:
External LAN interface:LAN 2
LAN 1 IPv4 static NAT mode:ON
LAN 1 IPv4 static address:100.64.0.1
LAN 2 IPv4 static NAT mode:ON
LAN 2 IPv4 static NAT address:100.64.0.1
B:
External LAN interface:LAN 2
LAN 2 IPv4 static NAT mode:ON
LAN 2 IPv4 static NAT address:100.64.0.1
C:
External LAN interface:LAN 1
LAN 1 IPv4 static NAT mode:ON
LAN 1 IPv4 static NAT address:100.64.0.1
D:
External LAN interface:LAN 2
LAN 1 IPv4 static NAT mode:ON
LAN 1 IPv4 static address:100.64.0.1
B
External LAN interface:LAN 2
LAN 2 IPv4 static NAT mode:ON
LAN 2 IPv4 static NAT address:100.64.0.1
An engineer is deploying an Expressway solution for the SIP domain Cisco.com.
Which SRV record should be configured in the public DNS to support inbound B2B calls?
A. _collab-edge._tls.cisco.com
B. _cisco-uds._tcp.cisco.com
C. _sip._tcp.cisco.com
D. _cuplogin._tcp.cisco.com
C
SIP B2B - Cisco SRV Records for business-to-business
_sips._tcp.domain 5061 TLS
_sip._tcp.domain 5060 TCP
_sip._udp.domain 5060 UDP
A call is sent by Cisco UCM to Expressway with a URI of 75080001@expc1a.pod8.test.lab.
If (7508…) @expc1a.pod8.test.lab.* is the pattern string, what would be the replacement string of the transform in Expressway to re-write the call so that it becomes 75080001@conf.pod8.test.lab?
A. \1@conf.pod8.test.lab.@
B. \1@conf.pod8.test\lab.*
C. \1@conf.pod8.test.lab
D. \1@conf.pod8.test.lab.!
C
Refer to the exhibit.
Calls to locally registered endpoints are failing. At present, there are two endpoints registered locally to this Expressway. An H.323 endpoint with an alias of “EndpointA” is registered, and a SIP endpoint with an
alias of “EndpointB@pod1.local” is also registered.
How is this issue resolved?
A. The dialplan must be redesigned to use the transforms to convert the alias into SIP URI format and then use separate search rules for each format that needs to be dialed within the local zone.
B. The calls are failing because there are insufficient licenses. Additional licenses must be installed for the Expressway to route these calls.
C. The current search rule does not match the call, so the search rule must be modified to include a SIP Variant of “Standards-Based”.
D. Calling parties are placing calls with the wrong domain. End-users must be instructed not to use the pod1.local domain as that is owned by the local system. Calls to any other domain would work.
A
Stripping @domain for dialing to H.323 numbers
SIP endpoints can only make calls in the form of URIs - for example name@domain. If the caller does not specify a domain when placing the call, the SIP endpoint automatically appends its own domain to the number that is dialed. So if you dial 123 from a SIP endpoint, the search will be placed for 123@domain. If the H.323 endpoint being dialed is registered as 123, the VCS will be unable to locate the alias 123@domain and the call will fail.
Refer to the exhibit.
A new neighbor zone is added for a new Cisco Meeting Server, but the zone is showing a SIP status of failed from the time the zone it was created.
What should be done to resolve this issue?
A. The search rule must be changed to continue on match.
B. The existing zone using ID 7 must be deleted.
C. More bandwidth must be added to the appropriate pipes.
D. The underlying DNS issue must be resolved.
D
The general rule of thumb with Search rules is the more specific the Pattern string, the lower it can be placed in the Search rule priority list. Generally a DNS Zone is configured with a Pattern string that is going to catch anything that is not a local domain and send it to the Internet. Due to this, we recommend that you set that type of Search rule to a high priority so it’s invoked last.
It seems like a Search Rule match would resolve the “underlying DNS issue”
Which two considerations must be made when using Expressway media traversal? (Choose two.)
A. It is possible to NAT both Expressway-E interfaces
B. The Unified Communications traversal zone should be used for MRA
C. The Expressway-E must be put in a firewall DMZ segment
D. Expressway Control is the traversal server installed in the DMZ
E. Cisco UCM zone should be either traversal server or client
BC
- An Expressway-E located outside the firewall on the public network or in the DMZ, which acts as the firewall traversal server.
Unified Communications features such as Mobile and Remote Access or Jabber Guest, require a Unified Communications traversal zone connection between the Expressway-C and the Expressway-E. This involves:
○ Installing suitable security certificates on the Expressway-C and the Expressway-E.
○ Configuring a Unified Communications traversal zone between the Expressway-C and the Expressway-E.
Jabber cannot log in via Mobile and Remote Access.
You inspect Expressway-C logs and see this error message:
XCP_JABBERD Detail=”Unable to connect to host ‘%IP%’, port 7400:(111) Connection refused” Which is
the cause of this issue?
A. Rich Media Session licenses are not activated on Expressway-E.
B. Expressway-E is listening on the wrong IP interface.
C. The destination port for Expressway-E is set to 7400 instead of 8443 on the Expressway-C.
D. The XCP Service is not activated on Expressway-E.
B
Expressway-C Logs Show This Error: XCP_JABBERD Detail=”Unable to connect to host ‘%IP%’, port 7400:(111) Connection refused”
If Expressway-E Network Interface Controller (NIC) is incorrectly configured, this can cause the Extensible Communications Platform (XCP) server to not be updated. If Expressway-E meets these criteria, then you will probably encounter this issue:
Uses a single NIC.
Advanced Networking Option Key is installed.
The Use Dual Network Interfaces option is set to Yes.
In order to correct this problem, change the Use Dual Network Interfaces option to No.
The reason this is a problem is because Expressway-E listens for the XCP session on the wrong network interface, which causes the connection to fail/timeout. Expressway-E listens on TCP port 7400 for the XCP session. You can verify this if you use the netstatcommand from the VCS as root.
Which configuration is required when implementing Mobile and Remote Access on Cisco Expressway?
A. IPS
B. SAML authentication
C. Cisco Unified CM publisher address
D. SSO
C
Step 1
On the Expressway-C primary peer, go to Configuration > Unified Communications > Unified CM servers.
Step 2
Click New and add the following details for the publisher node:
* Unified CM publisher address—The server address of the publsiher node.
* Username—User ID of an account that can access the server.
* Password—Password of the account that can access the server
* TLS verify mode (What about for basic MRA without ICE – is this recommended?)
* AEM GCM media encryption—Set to On to enable AEM GCM support. This field appears only if you
* Deployment—If you have configured multiple Deployments, select the appropriate deployment. Note that this field does not appear unless you have configured deployments.
What it is the purpose of using ICE for Mobile and Remote Access endpoints in the Cisco
Collaboration infrastructure?
A. ICE controls the bandwidth usage for Cisco Collaboration endpoints if the endpoints are located outside the company network.
B. ICE enables Cisco Collaboration endpoints to determine if there is direct connectivity between them.
C. ICE uses FAST updates to optimize the video quality in case of packet loss. This technology is available only from Cisco Unified CM version 11.5 and later.
D. ICE enablement allows for the Cisco Collaboration endpoint to register through Expressway servers to Cisco Unified Communications Manager behind a firewall.
B
Interactive Connectivity Establishment (ICE), defined in RFC 8445, is a protocol that combines STUN and TURN. Using ICE, endpoints can determine if there is direct connectivity between them and will then apply the STUN hole-punching techniques to keep the firewall ports opened, thus allowing for both inbound and outbound media traffic. If direct media connectivity cannot be achieved, the endpoints will fall back to the TURN server and will send their UDP traffic centrally instead of going peer-to-peer.
When deploying an Expressway Core and Expressway Edge cluster for mobile and remote access,which TLS verity subject name must be configured on the Expressway-E UC traversal zone?
A. Webex CUSP Cluster Name
B. Expressway-E Cluster Name
C. Cisco Unified Communications Manager Publisher FQDN
D. Expressway-C Cluster Name
D
On Expressway E, Enter the name to look for in the traversal client’s certificate (must be in either the Subject Common Name or the Subject Alternative Name attributes). If there is a
cluster of traversal clients, specify the cluster
name here and ensure that it is included in each client’s certificate.
Traversal Client is EXP-C
Refer to the exhibit.
Mobile Cisco Jabber cannot register with on-premises Cisco Unified Communications Manager using Mobile and Remote Access. Some logs were captured on Expressway Edge.
Which action corrects this problem?
A. Ensure that the peer address does not match the Common Name on certificate.
B. Ensure that the _cisco-uds SRV record has been configured.
C. Ensure that the credential has been entered correctly.
D. Ensure that the SIP domains are added on Expressway Core.
C
When the password is incorrect, you see this in the Expressway−E logs:
Module=”network.ldap” Level=”INFO”: Detail=”Authentication credential found in directory for identity: traversal? Module=”developer.nomodule” Level=”WARN” CodeLocation=”ppcmains/sip/sipproxy/ SipProxyAuthentication.cpp(686)” Method=”SipProxyAuthentication:: checkDigestSAResponse” Thread=”0x7f2485cb0700”: calculated response does not match supplied response, calculatedResponse=769c8f488f71eebdf28b61ab1dc9f5e9, response=319a0bb365decf98c1bb7b3ce350f6ec Event=”Authentication Failed” Service=”SIP” Src−ip=”10.48.80.161” Src−port=”25723” Detail=”Incorrect authentication credential for user” Protocol=”TLS” Method=”OPTIONS” Level=”1?
Which two statements about Expressway media traversal are true? (Choose two.)
A. Expressway Control is the traversal server installed in the DMZ.
B. The Expressway Edge must be put in a firewall DMZ segment.
C. Cisco Unified Communications Manager zone can be either traversal server or client.
D. The Unified Communications traversal zone can be used for Mobile and Remote Access.
E. Both Expressway Edge interfaces can be NATed.
BD
- An Expressway-E located outside the firewall on the public network or in the DMZ, which acts as the firewall traversal server.
Unified Communications features such as Mobile and Remote Access or Jabber Guest, require a Unified Communications traversal zone connection between the Expressway-C and the Expressway-E.
Which zone is required between Expressway-E and Expressway-C in Mobile and Remote Access
deployments?
A. Unified Communications traversal zone
B. neighbor zone
C. DNS zone
D. traversal zone
A
Which type of traversal zone?
* If your deployment is for business to business calling, use a traversal zone.
* If your deployment is for mobile and remote access, use a Unified Communications traversal zone
Refer to the Exibit :
An engineer is deploying mobile and remote access in an environment that already had functioning Business to Business calling. Mobile and remote access SIP registrations are failing. To troubleshoot, SIP logs were collected.
How is this issue resolved?
A. Change the SIP profile on the SIP trunk for the Expressway-E to Standard SIP Profile for TelePresence Endpoint
B. Change the “Incoming Port” in the SIP Trunk Security Profile for the Expressway-C to not match SIP line registrations
C. Enable autoregistration for the appropriate DN range on the Cisco UCM servers running the
CallManager service
D. Write a custom normalization script since the “vcs-interop” normalization script does not allow
registrations
B
A diagnostic log from Expressway-C shows a SIP/2.0 405 Method Not Allowed message in response to the Registration request sent by the Jabber client. This is likely due to an existing Session Initiation Protocol (SIP) trunk between Expressway-C and CUCM using port 5060/5061. In order to correct this issue, change the SIP port on the SIP Trunk Security Profile that is applied to the existing SIP trunk configured in CUCM and the Expressway-C neighbor zone for CUCM to a different port such as 5065.
Refer to Exibit:
Logins and failing via mobile and remote access.
How is this resolved?
A. Mobile and remote access login has not been enabled for the domain configured in the Expressway-C.
The domain must be edited to allow Cisco UCM registrations.
B. SIP is disabled on the Expressway-E. The SIP protocol must be enabled on the server.
C. No Cisco UCM servers are configured in the Expressway-C. Servers must be added for CallManagerand IM and Presence services.
D. Although a traversal client zone exists, there is no Unified Communications traversal client zone. One must be created.
D
Unified CM registrations and IM&P say the “domain is configured but no active zone connection. This link has the suggestion from the Mentor in the Community thread.
Refer to the exhibit.
Mobile and remote access is being added to an existing B2B deployment and is failing. When the administrator looks at the alarms on the Expressway-C, the snippets are shown.
Which configuration action should the administrator take to fix this issue?
A. The listening port on the Expressway-C for SIP TCP must be changed to a value other than 5060
B. The listening port on the Expressway-C for SIP TLS must be changed to a value other than 5061
C. The listening port on the Cisco UCM for the Expressway-C SIP trunk must be changed to something other than 5060 or 5061.
D. The listening port on the Cisco UCM for the Expressway-C SIP trunk is set to something other than 5060 or 5061. It must be set to 5060 for insecure and 5061 for secure SIP
C
* If you have MRA connections to the Unified CM, which are line-side connections to 5060/5061, then you should
avoid using 5060/5061 as the listening port for any SIP trunks you create on that Unified CM.
Refer to the exhibit.
The administrator attempted to log in, but Jabber clients cannot log in via mobile and remote access.
How is this issue resolved?
A. Skype for Business mode must be disabled on the DNS server because it conflicts with Jabber login requirements.
B. The domain pod1.local must be deprovisioned from the Webex cloud for Jabber logins.
C. A DNS SRV record must be created for _collab-edge._tls.pod1.local that points to the Expressway-E.
D. The username jabberuser@pod1.local is invalid. The user should instead sign-in simply as jabberuser.
C
Refer to the exhibit showing logs from the Expressway-C, a copy of the Expressway-E certificate, and
the UC traversal zone configuration for the Expressway-C.
An office administrator is deploying mobile and remote access and sees an issue with the UC traversal
zone. The zone is showing “TLS negotiation failure”.
What is causing this issue?
A. The Expressway-E certificate includes the Expressway-C FQDN as a SAN entry
B. The Expressway-C is missing the FQDN of Cisco UCM in the Common Name of its certificate
C. In the UC Traversal Zone on the Expressway-C, the peer address is set to the IP of the Expressway-E,which is not a SAN entry in the Expressway-E certificate
D. The Expressway-E does not have the FQDN of Cisco UCM listed as a SAN in its certificate.
C
UC Traversal Zone Settings
Peer 1 address
Enter the FQDN of the Expressway-E.
Note that if you use an IP address (not recommended), that address must be present in the Expressway-E server certificate.
If you have configured Expressway-E with a dual NIC interface for MRA, enter the FQDN of Expressway-E’s internal interface (not the IP address). Expressway-C requires a local DNS record that points to the FQDN of the Expressway-E’s internal LAN
Refer to the Exibit :
If the Webex Teams device cannot connect to Video Mesh Cluster-1 because it is busy, which media node does the Webex Teams device connect to next?
A. Both Cloud Node US-EAST and US-WEST
B. Video Mesh Cluster-2
C. Cloud Node US-EAST
D. Cloud Node US-WEST
B
Learned reachability information is provided to the Webex cloud every time a call is set up. This information allows the cloud to select the best resource (cluster or cloud), depending on the relative location of the client to available clusters and the type of call. If no resources are available in the preferred cluster, additional clusters are tested for availability based on SRT delay. A preferred cluster is chosen with the lowest SRT delay. Calls are served on premises from a secondary cluster when the primary cluster is busy. Local reachable Video Mesh resources are tried first, in order of lowest SRT delay. When all local resources are exhausted, the participant connects to the cloud.
Refer to the exhibit :
Cisco Unified Communications Manager routes the call via the Webex Meetings route list and route group to the Video Mesh cluster Node#1 in the Video Mesh cluster is hosting the meeting and has reached full capacity, but other nodes in the cluster still have spare capacity.
What happens to the participant’s call?
A. Another node in the cluster is used and an intra-cluster cascade between the two Video Mesh nodes is formed.
B. The call is queued.
C. The call fails.
D. Another node in the cluster is used and an intra-cluster cascade between Webex and the new Video Mesh node is formed.
A
If the node hosting the meeting reaches full capacity, another node in the cluster will be used and an intra-cluster cascade will be formed. (The intra-cluster cascade routes from node to node, not via Webex.)
Refer to the exhibit.
When a Jabber user attempts to connect from outside of the organization, the user enters the login information as “user@example.com” and receives the error “Cannot find your services Automatically”.
The engineer tries to resolve SRV records used by Jabber.
DNS A record “expressway-e.example.com” points to the Expressway-E IP and “cucm.example.com” points to the Cisco Unified Communications Manager.
Which change resolves the DNS problem?
A. Change cisco-uds to point to the Expressway-E FQDN.
B. Change the collab-edge record to point to 5061.
C. Remove the cisco-uds SRV record for the external DNS.
D. Change the priority of the SRV record for cisco-uds.
C
The following is an example of the _cisco-uds SRV record:
_cisco-uds._tcp.example.com SRV service location:
priority = 6
weight = 30
port = 8443
svr hostname = cucm3.example.com _cisco-uds._tcp.example.com SRV service location:
priority = 2
weight = 20
port = 8443
svr hostname = cucm2.example.com _cisco-uds._tcp.example.com SRV service location:
priority = 1
weight = 5
port = 8443
svr hostname = cucm1.example.com
Refer to the exhibit.
While troubleshooting Cisco Jabber login issues, there are some error messages.
Why is the Jabber client unable to sign in?
A. down Cisco Unified Communications Manager server
B. XMPP bind failures
C. incorrect login credentials
D. service discovery issues
B
Jabber Cannot Sign In Due to XMPP Bind Failure
The Jabber client may be unable to sign in (“Cannot communicate with the server” error messages) due to XMPP bind failures.
This will be indicated by resource bind errors in the Jabber client logs, for example:
XmppSDK.dll #0, 201, Recv:<iq><bind></bind><error><conflict></conflict></error></iq>
XmppSDK.dll #0, CXmppClient::onResourceBindError
XmppSDK.dll #0, 39, CTriClient::HandleDisconnect, reason:16
This typically occurs if the IM and Presence Intercluster Sync Agent is not working correctly.
Refer to the exhibit. Logins are failing via Mobile and Remote Access. How is this resolved?
A. No Cisco UCM servers are configured in the Expressway-C. Servers must be added for CallManager and IM and Presence services. B. SIP is disabled on the Expressway-E. The SIP protocol must be enabled on the server. C. Although a traversal client zone exists, there is no UC traversal client zone. One must be created. D. Mobile and Remote Access login has not been enabled for the domain configured in the Expressway-C. The domain must be edited to allow Cisco UCM registrations.
C
Refer to the exhibit. What are “Type” field values for this Expressway servers zone configuration?
A. Expressway-C “DNS”, Expressway-E “Traversal server” B. Expressway-C “Traversal server”, Expressway-E “Traversal client” C. Expressway-C “Neighbor”, Expressway-E “Neighbor” D. Expressway-C “Traversal client”, Expressway-E “Traversal server”
D
The Expressway solution consists of:
An Expressway-E is located outside the firewall on the public network or in the DMZ, which acts as the firewall traversal server.
An Expressway-C or other traversal-enabled endpoint located in a private network acts as the firewall traversal client.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/admin_guide/X14-0/exwy_b_cisco-expressway-administrator-guide/exwy_m_firewall-traversal.html
Refer to the exhibit. An administrator troubleshoots Cisco Jabber users experiencing issues when trying to log in and notices errors in the Jabber problem report log. The administrator also sees that the Intercluster Sync Agent service is not running on the IMM and Presence server. Why is the Jabber client unable to sign in?
A. The XmppSDK.dl file is missing from the IM and Presence server B. The XMPP stanza is not using the correct ID for the Jabber client. C. The XMPP bind failed on the IM and Presence server D. The Jabber client refused the XMPP bind connection.
C
Jabber Cannot Sign In Due to XMPP Bind Failure
The Jabber client may be unable to sign in (“Cannot communicate with the server” error messages) due to XMPP bind failures.
This will be indicated by resource bind errors in the Jabber client logs, for example:
XmppSDK.dll #0, 201, Recv:<iq><bind></bind><error><conflict></conflict></error></iq>
XmppSDK.dll #0, CXmppClient::onResourceBindError
XmppSDK.dll #0, 39, CTriClient::HandleDisconnect, reason:16
This typically occurs if the IM and Presence Intercluster Sync Agent is not working correctly.
Refer to the exhibit. When Expressway-E routes a call with URI 4040@uclab.local to a DNS zone, which DNS server does the Expressway query for the SIP SRV records?
A. 10.20.20.20 B. 10.10.10.10 C. 10.40.40.40 D. 10.30.30.30
A
Drag And Drop
Answer
The following table shows which CSR alternative name elements apply to which Unified Communications features:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X14-0/cert_creation_use/exwy_b_cisco-expressway-certificate-creation-and-use-deployment-guide-x14-0/exwy_b_certificate-creation-use-deployment-guide_chapter_011.html
Refer to the exhibit. A Cisco Webex device on an enterprise network has identified the given STUN round-trip delays in milliseconds to the enterprise Video Mesh clusters and two Webex Cloud Media clusters during the call setup. Which correct sequence of clusters is the client connecting to?
A. US West Coast WCMC. If US West Cost WCMC is full, then Europe WCMC because clients select clusters in the order of SRT delays. B. DC Europe. If DC Europe is full, DC APAC because clients select on-premises clusters in the order of SRT delays before using cloud resources, C. DC Europe. If DC Europe is full, US West Coast WCMC because clients select resources in the order of SRT delays but ignore SRTs greater than 250 ms D. US West Coast WCMC. Clients continuously monitor DC US cluster and reconnect when DC US are available to save bandwidth.
C
Local reachable Video Mesh resources are tried first, in order of lowest SRT delay. When all local resources are exhausted, the participant connects to the cloud.
While the preference for node selection is your locally deployed Video Mesh nodes, we support a scenario where, if the STUN round-trip (SRT) delay to an on-premises Video Mesh cluster exceeds the tolerable round-trip delay of 250 ms (which usually happens if the on-premises cluster is configured in a different continent), then the system selects the closest cloud media node in that geography instead of a Video Mesh node.
Drag and drop the services from the left onto their descriptions on the right. Some services are used more than once.
