
300-820 Cisco Practice Test Questions and Exam Dumps
What issue does NAT (Network Address Translation) create in the Session Description Protocol (SDP) for SIP (Session Initiation Protocol) calls?
A. The additional headers introduced by NAT encapsulation can cause the packet size to exceed the Maximum Transmission Unit (MTU).
B. When a client is behind a NAT, it may have difficulty determining the appropriate offset due to time zones.
C. The IP address specified in the connection data field may be an internal, non-routable address.
D. The encryption keys advertised in the SDP are only valid for clients that are not behind a NAT.
Answer: C. The IP address specified in the connection data field may be an internal, non-routable address.
Explanation:
In SIP-based communication, particularly when using SDP to establish media sessions, NAT introduces several complications. SIP and SDP are used to initiate, maintain, and terminate communication sessions, with SDP handling the media session parameters, including IP addresses. NAT complicates this process because the devices on an internal network typically have private, non-routable IP addresses, which are not accessible from the public internet. When an endpoint behind NAT advertises its IP address within the SDP, it might include an internal IP address that is not routable from the outside network.
This creates a problem when the SIP signaling or media needs to be routed through the internet since the public-side servers or clients won’t be able to reach the private IP address advertised in the SDP. To overcome this, methods such as NAT traversal (e.g., STUN or TURN) are used, or external signaling servers (e.g., SBCs or Expressway-C/E) are deployed to handle the NAT translation.
A company uses Cisco Unified Communications Manager for internal audio and video traffic but needs to establish video communication with external partners while ensuring security. What configuration must be set up to achieve this?
A. Cisco Unified Border Element and Cisco ASA Firewall
B. Cisco Unified Border Element and Cisco Firepower Firewall
C. Cisco Expressway-C and Cisco Expressway-E
D. Cisco Expressway-C and Cisco Unified Border Element
Answer: C. Cisco Expressway-C and Cisco Expressway-E
Explanation:
For secure video communication with external partners or customers while maintaining internal communications within the Cisco Unified Communications Manager (CUCM) infrastructure, Cisco recommends deploying the Cisco Expressway solution. The Cisco Expressway-C (Expressway Core) is deployed inside the corporate network, while the Cisco Expressway-E (Expressway Edge) is deployed in the DMZ (Demilitarized Zone), providing a secure connection for external communications.
This configuration allows for seamless, secure communication between internal and external video endpoints by utilizing secure traversal and NAT traversal. The Expressway-C handles the internal-side signaling and media management, while the Expressway-E facilitates external communication, ensuring that SIP and video calls can be made securely with external partners over the internet, even when behind NAT or firewalls. The Expressway solution supports secure communication protocols, such as TLS (Transport Layer Security) for SIP signaling and SRTP (Secure Real-time Transport Protocol) for media encryption.
Cisco’s Unified Border Element (CUBE) is typically used for SIP trunking to external networks, but for secure video communication with external endpoints, Expressway-C and Expressway-E are the ideal components for a Cisco solution.
When configuring static NAT on a Cisco Expressway-E, which SDP attribute is modified to reflect the NAT address?
A. SDP b-line
B. SIP record route
C. SDP c-line
D. SDP m-line
Answer: C. SDP c-line
Explanation:
When a Cisco Expressway-E is deployed with static NAT, the NAT translation must be reflected in the Session Description Protocol (SDP) to ensure that external clients can correctly connect to the internal resources. The c-line attribute in the SDP specifies the connection data for the media session, particularly the IP address and port information needed for media exchange.
In the case of static NAT, the internal private IP address specified in the c-line would be replaced with the public IP address after NAT translation, allowing external clients to reach the server using the correct public-facing address. This translation is essential because internal addresses are non-routable on the internet, and NAT ensures that requests from external clients can be correctly forwarded to the internal network.
SDP b-line (A) specifies bandwidth information for the media stream, not the connection data.
SIP record route (B) is part of SIP signaling and helps route requests, but it does not directly affect the media connection.
SDP m-line (D) is used to describe media formats, such as audio or video, and does not directly deal with NAT-related IP address issues.
Therefore, SDP c-line is the correct attribute modified by static NAT on the Expressway-E, ensuring that the public IP address is used for media connections.
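Added example (not part of the original page and not Cisco code): a Python sketch of the c-line problem and fix described in the NAT/SDP and static NAT explanations above. It flags RFC 1918 addresses in SDP c-lines and rewrites them from a static NAT map; the SDP body, the 203.0.113.10 public address and all function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: the internal, non-routable addresses the explanation refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed SDP offer from an endpoint behind NAT (sample data, not a capture).
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 10.1.1.20",
    "s=-",
    "c=IN IP4 10.1.1.20",            # session-level connection data
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "m=video 51372 RTP/AVP 96",
    "c=IN IP4 192.168.5.9",          # media-level override for video
    "a=rtpmap:96 H264/90000",
]) + "\r\n"


def c_line_address(line):
    """Return the address of a 'c=IN IP4 <address>' line, else None."""
    if not line.startswith("c="):
        return None
    fields = line[2:].split()
    if len(fields) != 3 or fields[:2] != ["IN", "IP4"]:
        return None
    return fields[2].split("/")[0]   # drop an optional multicast /ttl suffix


def is_rfc1918(addr):
    """True if addr is a literal IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:               # FQDN or malformed value in the c-line
        return False
    return any(ip in net for net in RFC1918)


def find_private_c_lines(sdp):
    """List (scope, address) for each c-line that advertises a private address."""
    findings, scope = [], "session"
    for line in sdp.splitlines():
        if line.startswith("m="):
            scope = line[2:].split()[0]   # media type: audio, video, ...
        addr = c_line_address(line)
        if addr and is_rfc1918(addr):
            findings.append((scope, addr))
    return findings


def apply_static_nat(sdp, nat_map):
    """Rewrite c-line addresses found in nat_map {private: public}.

    Only c-lines are changed; the o-line and every other line pass through.
    """
    out = []
    for line in sdp.splitlines():
        addr = c_line_address(line)
        if addr in nat_map:
            line = "c=IN IP4 " + nat_map[addr]
        out.append(line)
    return "\r\n".join(out) + "\r\n"


if __name__ == "__main__":
    print(find_private_c_lines(SAMPLE_SDP))
    nat = {"10.1.1.20": "203.0.113.10", "192.168.5.9": "203.0.113.10"}
    print(apply_static_nat(SAMPLE_SDP, nat))
```

Running the audit before and after the rewrite shows both the session-level and the media-level c-line being corrected, which is why a check that only looks at the first c-line misses the video stream.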
Summary of Key Concepts:
NAT and SDP Complications:
NAT can cause issues in SIP communications because private IP addresses are used in the SDP, which are not routable on the public internet. NAT traversal techniques are needed to overcome this problem.
External Video Communication Setup:
Cisco Expressway-C and Expressway-E provide a secure solution for video communications with external partners, utilizing a secure traversal method that allows communication between internal and external endpoints while maintaining security.
Static NAT on Expressway-E:
Static NAT configuration on the Expressway-E modifies the SDP c-line to ensure that the correct public IP address is used for media connections, enabling external communication while protecting internal resources.
These questions cover key aspects of how NAT, security, and SIP signaling work in the context of Cisco collaboration solutions, emphasizing the importance of correct configuration for smooth, secure communications.
A company is deploying a Cisco Collaboration infrastructure and has a requirement to communicate with external parties that use both H.323 and SIP protocols. Internally, they wish to register endpoints only with SIP.
Which functionality should be enabled to meet these requirements, and where should it be configured?
A. Interworking in Expressway-C
B. Transcoding in Cisco Unified Communications Manager
C. Transcoding in Expressway-C
D. Interworking in Cisco Unified Communications Manager
Answer: A. Interworking in Expressway-C
Explanation:
In this scenario, the company needs to support communication with external partners using both H.323 and SIP protocols while maintaining internal SIP registration. The key to achieving this inter-protocol communication lies in interworking functionality. Interworking refers to the ability to bridge or convert between different communication protocols, such as SIP and H.323.
The Cisco Expressway-C (Core) is the correct platform for enabling interworking between SIP and H.323 protocols in this case. Expressway-C provides an interworking feature that facilitates communication between SIP and H.323 endpoints without requiring additional complex configurations on the internal systems. This functionality ensures seamless communication between endpoints on different networks and protocols.
Option B, Transcoding in Cisco Unified Communications Manager (CUCM):
Transcoding in CUCM is used for converting media formats, such as audio or video codecs, but it does not deal with protocol bridging (i.e., it does not allow SIP to H.323 communication). Transcoding is helpful when different codecs are used between endpoints, but it doesn’t help in this case where protocol interworking is required.
Option C, Transcoding in Expressway-C:
While Expressway-C does provide transcoding capabilities for media format conversion, it doesn’t perform protocol interworking between SIP and H.323. The task at hand involves bridging the two protocols, and Expressway-C's interworking feature handles this requirement.
Option D, Interworking in Cisco Unified Communications Manager (CUCM):
Although CUCM can also handle protocol interworking, Expressway-C is specifically designed to provide this functionality for external communication scenarios, particularly when different protocols need to interact over a public network. Therefore, Expressway-C is the most appropriate solution.
For a Hybrid Message Service High Availability deployment across multiple IM and Presence clusters, what is a key configuration requirement?
A. The Intercluster Sync Agent must be functioning across all IM and Presence clusters.
B. The Intercluster Lookup Service must be functioning across all IM and Presence clusters.
C. Multiple Device Messaging should be disabled on the IM and Presence Service clusters.
D. The AXL service should only be activated on the publisher of each IM and Presence cluster.
Answer: B. The Intercluster Lookup Service must be functioning across all IM and Presence clusters.
Explanation:
When deploying Cisco's Hybrid Message Service in a high-availability setup across multiple IM and Presence clusters, it is essential that the clusters can communicate with each other reliably to ensure uninterrupted service. One of the key requirements for this high-availability setup is the configuration and functionality of the Intercluster Lookup Service (ILS).
The ILS enables intercluster communication and ensures that the presence data, user information, and messaging services are synchronized between different IM and Presence clusters. It acts as a critical service for distributing the information required for hybrid deployments, ensuring that users in different clusters can interact with each other seamlessly. The ILS service allows the clusters to recognize each other and share necessary data, such as user presence information, which is crucial for maintaining high availability and reliability in messaging services.
Option A, The Intercluster Sync Agent must be functioning across all IM and Presence clusters:
While the Intercluster Sync Agent (ICSA) is important for synchronizing certain data (such as user configurations and settings) between clusters, the ILS plays a more pivotal role in ensuring proper communication between the clusters for hybrid services. ICSA alone doesn’t enable intercluster communication for services like messaging and presence.
Option C, Multiple Device Messaging should be disabled on the IM and Presence Service clusters:
Multiple Device Messaging refers to allowing users to have multiple devices registered to the same user account. Disabling this feature is not a necessary requirement for Hybrid Message Service High Availability deployments. The requirement for ILS functionality and cluster synchronization takes precedence.
Option D, The AXL service should only be activated on the publisher of each IM and Presence cluster:
The AXL service (Administrative XML Layer) is used for administrative and configuration tasks. While it is important for configuration management, AXL service activation is not directly tied to the Hybrid Message Service or its high-availability requirements. The focus should be on ensuring proper communication and data synchronization between clusters, which is handled by the ILS.
When Cisco Collaboration endpoints are exchanging encrypted signaling messages, what is one significant challenge associated with implementing NAT ALG for voice and video devices?
A. Internal endpoints cannot use private address space addresses.
B. The NAT ALG is unable to inspect the content of encrypted signaling messages.
C. NAT ALG causes jitter in the voice path.
D. Source addresses cannot correctly provide the destination addresses needed for remote endpoints to send return packets.
Answer: B. The NAT ALG is unable to inspect the content of encrypted signaling messages.
Explanation:
In Voice over IP (VoIP) and video communication systems, Network Address Translation (NAT) is often used to allow devices with private IP addresses on an internal network to communicate with external networks. However, when the signaling messages (SIP, H.323, etc.) are encrypted, NAT Application Layer Gateway (ALG) functions face significant challenges.
Option A, Internal endpoints cannot use private address space addresses:
This statement is not necessarily a complication of using NAT ALG in encrypted environments. While NAT typically translates private IP addresses to public ones, the issue of encrypted signaling doesn't directly relate to private address space. NAT ALG’s main issue comes from its inability to handle encrypted content properly, not the use of private addresses.
Option B, The NAT ALG is unable to inspect the content of encrypted signaling messages:
This is the correct answer. NAT ALG typically works by inspecting and manipulating signaling messages, specifically to handle changes in the IP addresses and port numbers as they traverse the NAT. However, when these signaling messages are encrypted, NAT ALG cannot access the message content to apply the necessary changes. Without being able to inspect the encrypted messages, the ALG cannot modify the addresses and ports to maintain proper communication between the internal network and external endpoints. This can cause issues, as the NAT will not know how to adjust the signaling to ensure proper routing.
Option C, NAT ALG causes jitter in the voice path:
Jitter is typically caused by network congestion, delays, or poor quality of service (QoS) rather than NAT ALG operations. While NAT ALG can cause issues in some situations, jitter is more likely a result of network instability rather than a direct complication of NAT ALG.
Option D, Source addresses cannot correctly provide the destination addresses needed for remote endpoints to send return packets:
This statement refers to a possible NAT traversal issue where the source address from internal endpoints is not properly communicated to external endpoints, leading to failures in the response packet routing. While this can be an issue in NAT environments, the primary complication when signaling is encrypted is NAT ALG's inability to inspect and modify the encrypted content.
Thus, Option B is the most accurate explanation of the challenge in implementing NAT ALG for voice and video devices with encrypted signaling messages.
Question 7:
Which two factors could prevent port 8443 from being accessible from the internet to the Expressway-E? (Choose two.)
A. The MRA license is not activated on the Expressway-E.
B. The Unified Communications zone is down.
C. Transform is not configured on Expressway-E.
D. The SRV record for _cisco-uds is misconfigured.
E. The firewall is blocking the port.
Answer: A. The MRA license is not activated on the Expressway-E, E. The firewall is blocking the port.
Explanation:
Port 8443 is commonly used for secure web traffic on Cisco Expressway-E, especially for Mobile and Remote Access (MRA) and other communication features. If port 8443 is unreachable from the internet, several factors could contribute to this issue.
Option A, The MRA license is not activated on the Expressway-E:
The Mobile and Remote Access (MRA) feature allows remote devices to securely access internal collaboration services. Port 8443 is the default port used for the MRA feature, and if the MRA license is not activated on the Expressway-E, the service will not function properly, and port 8443 might not be accessible. The absence of the MRA license means that the services relying on this port, such as secure access for mobile devices, will be blocked.
Option B, The Unified Communications zone is down:
A Unified Communications zone is used for secure communication between Cisco devices, including Expressway-E. If this zone is down, it could affect overall connectivity. However, this would generally affect services across the entire network and not just the accessibility of port 8443. This could still be a contributing factor, but it's less specific to the issue of port accessibility.
Option C, Transform is not configured on Expressway-E:
The term "transform" in this context generally refers to a feature related to NAT traversal or security transformations. While misconfiguring NAT or security settings could cause connectivity issues, it’s not directly related to port 8443 being blocked unless specifically linked to NAT or security rule misconfigurations.
Option D, The SRV record for _cisco-uds is misconfigured:
SRV records are DNS records used to specify the location of servers for certain services. If the SRV record for _cisco-uds is misconfigured, it could affect the lookup of services, but this would more likely result in failures to locate the appropriate service rather than directly blocking port 8443.
Option E, The firewall is blocking the port:
Firewalls are a common cause of blocked ports. If there are firewall rules that prevent traffic on port 8443 from reaching the Expressway-E, then external devices will not be able to access the service. This is a straightforward and common cause of connectivity issues for port 8443, especially if security rules have been configured to block certain ports.
Thus, the two most likely explanations for why port 8443 is unreachable are the lack of the MRA license (Option A) and firewall blocking (Option E).
Question 8:
Which type of media encryption can be configured on an Expressway zone?
A. Advanced Encryption Standard (AES)
B. IPsec
C. Triple Data Encryption Standard (3DES)
D. Force unencrypted
Answer: B. IPsec
Explanation:
Expressway zones are used to define the configuration of communication settings between different entities, such as between internal and external endpoints. For securing media traffic (such as audio and video), encryption is often a requirement, and this can be configured through various encryption protocols.
Option A, Advanced Encryption Standard (AES):
AES is a widely used encryption standard, particularly for securing data transmission in many industries. However, Expressway zones do not specifically configure AES encryption directly. Instead, Expressway uses other methods for securing media traffic.
Option B, IPsec:
IPsec is the correct answer. IPsec (Internet Protocol Security) is a suite of protocols used to secure internet protocol communications by encrypting and authenticating all IP packets in a communication session. In Cisco's Expressway deployment, IPsec can be used to secure media traffic between endpoints. This is critical in ensuring that voice and video communications are transmitted securely, preventing eavesdropping or tampering.
Option C, Triple Data Encryption Standard (3DES):
3DES is an older encryption standard that was widely used before AES became the dominant encryption method. While 3DES is still supported in some environments, Expressway does not typically use 3DES for media encryption but instead relies on more modern methods like IPsec.
Option D, Force unencrypted:
This option is the opposite of what is required for secure media encryption. For security purposes, forcing unencrypted media transmission is not recommended. In fact, this would violate the objective of securing communication over the network.
Thus, the appropriate encryption method configured on an Expressway zone is IPsec to secure media traffic between endpoints.
What is the function of a "transform" in the Cisco Expressway server?
A. A transform functions as a neighbor zone in Expressway, creating a connection to another server.
B. A transform modifies the audio codec used when a call passes through the Expressway.
C. A transform is used to route calls to a specific destination.
D. A transform alters an alias that meets specific criteria, converting it into another alias.
Answer: D. A transform alters an alias that meets specific criteria, converting it into another alias.
Explanation:
In Cisco Expressway, a transform is primarily used for modifying call signaling by altering the alias of a call before routing it to its destination. This can involve changes such as converting one alias into another based on specific rules or patterns. Transforms allow flexibility in how calls are processed and can help with address normalization or redirection based on certain conditions.
Option A, A transform functions as a neighbor zone in Expressway, creating a connection to another server:
This is incorrect because a transform is not responsible for creating neighbor zone connections. Neighbor zones are used to define trusted zones between Expressway and other servers, but transforms are specifically related to modifying or redirecting aliases, not establishing connections.
Option B, A transform modifies the audio codec used when a call passes through the Expressway:
This is also incorrect. Audio codec changes are typically handled by transcoders or codec settings within the call configuration, not by transforms. Transforms are concerned with modifying aliases or routing rules, not codec choices.
Option C, A transform is used to route calls to a specific destination:
While transforms might play a role in call routing by altering the alias, the primary purpose of transforms is to modify the alias itself. The actual routing is handled by the configuration of zones and dial plans in Expressway.
Option D, A transform alters an alias that meets specific criteria, converting it into another alias:
This is the correct answer. A transform in Expressway is specifically designed to alter aliases that match predefined patterns or criteria, converting them into different aliases before routing the call to its intended destination. This can be useful for various purposes, such as ensuring that the calling party's identity is presented correctly to the destination or for routing purposes based on specific conditions.
Transform rules are often used to facilitate dial plan management, especially when integrating different domains or systems that might use different aliasing schemes.
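Added example, not from the original page and not Cisco's implementation: a simplified Python model of alias transforms for dial plan normalization. It assumes rules are tried in priority order, that a regex must match the whole alias, and that the first matching rule wins; the rules, aliases and names are constructed.

```python
import re
from dataclasses import dataclass


@dataclass
class Transform:
    priority: int   # lower number is checked first (assumption of this model)
    pattern: str    # regex that must match the entire alias
    replace: str    # replacement template, may reference groups as \1, \2


# Constructed rule set for the example.com domain used elsewhere on the page.
RULES = [
    Transform(2, r"(\d{4})", r"\1@example.com"),                   # bare extension -> URI
    Transform(1, r"(.+)@example\.com:5060", r"\1@example.com"),    # strip explicit port
    Transform(3, r"(.+)@(\d+\.\d+\.\d+\.\d+)", r"\1@example.com"),  # IP host -> domain
]


def apply_transforms(alias, rules):
    """Return (new_alias, priority_of_rule_applied) or (alias, None) if no match.

    fullmatch anchors the pattern to the whole alias, so a rule written for
    4-digit extensions does not fire on a longer number that contains 4 digits.
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        match = re.fullmatch(rule.pattern, alias)
        if match:
            return match.expand(rule.replace), rule.priority
    return alias, None


if __name__ == "__main__":
    for a in ("4001", "alice@example.com:5060", "bob@10.0.0.5", "14001"):
        print(a, "->", apply_transforms(a, RULES))
```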
Question 10:
For an organization with the domain name example.com, which two SRV records are appropriate for SIP and H.323 communication? (Choose two.)
A. _sips._tcp.example.com
B. _sips._udp.example.com
C. _h323ls._udp.example.com
D. _h323ls._tcp.example.com
E. _collab-edge._tls.example.com
Answer: A. _sips._tcp.example.com, C. _h323ls._udp.example.com
Explanation:
SRV records are used in DNS to specify the location (host and port) of servers for specific services. In the context of SIP (Session Initiation Protocol) and H.323, SRV records help in directing calls to the appropriate server for each communication protocol.
Here are the specific options and their relevance:
Option A, _sips._tcp.example.com:
This is a valid SRV record for SIP over TLS (Secure SIP). The _sips service identifier indicates that it is for SIP over TLS (Transport Layer Security), and the _tcp part specifies that the communication is using the TCP transport protocol. This SRV record is used by SIP clients to locate a SIP server that supports secure (encrypted) SIP communication over TCP.
Option B, _sips._udp.example.com:
This is not a valid SRV record for SIP. While SIP can use UDP, the _sips service is intended for secure (encrypted) SIP communication, which typically uses TLS (TCP), not UDP. Therefore, this SRV record would not be used for SIP communication over the standard UDP protocol.
Option C, _h323ls._udp.example.com:
This is a valid SRV record for H.323 communication. The _h323ls service identifier is used for H.323 Location Services, which are part of the H.323 protocol used for call signaling and control. The _udp part specifies that the communication is over the UDP protocol. This SRV record is used to locate the H.323 gatekeeper or server that provides location services for H.323 endpoints.
Option D, _h323ls._tcp.example.com:
While this may seem like a valid SRV record, H.323 Location Services typically use UDP, not TCP. TCP is not typically used for H.323 signaling, especially for location services. The proper SRV record for H.323 location services uses UDP, making this record unlikely to be valid for H.323 communication.
Option E, _collab-edge._tls.example.com:
This is related to Cisco’s Collaboration Edge configuration, but it is not an SRV record for SIP or H.323 directly. This SRV record is used for services like Mobile and Remote Access (MRA), which require TLS for secure communication, but it is not applicable to the SIP or H.323 protocols specifically.
To summarize:
Option A is valid because it is used for secure SIP over TLS communication.
Option C is valid because it is used for H.323 Location Services over UDP, which is a standard part of the H.323 protocol.