Cisco 300-820 Exam Dumps & Practice Test Questions
Question 1
What is the proper order of dial plan processing functions on a Cisco Expressway Core for call control?
A. Transforms, CPL, user policy, search rules
B. Search rules, zones, local zones
C. DNS zone, local zone, search rules
D. Search rules, transforms
Answer: D
Explanation:
In Cisco Expressway Core, the correct order of dial plan processing for call control begins with search rules, followed by transforms. The call flow on the Cisco Expressway Core is designed to first evaluate search rules, which are responsible for determining how to route calls based on the dialed number or pattern. Once the call is matched to a specific rule, the transform function comes into play to modify the call as required. These transforms can manipulate various call attributes like prefixes, number formatting, and more.
To break down the options:
A. Transforms, CPL, user policy, search rules: This order is incorrect because search rules should be the first step, not the last.
B. Search rules, zones, local zones: This option misplaces zones and local zones in the order of processing, as zones are generally defined for connectivity and security, but they are not evaluated before transforms.
C. DNS zone, local zone, search rules: The DNS and local zones are part of the configuration for determining how the system interfaces with external entities, but they do not directly affect the order of call routing. This is not a correct sequence for dial plan processing.
D. Search rules, transforms: This is the correct order. The search rules are evaluated first to determine the routing of the call, followed by the transforms that adjust the call's attributes.
Thus, the proper order of dial plan processing for call control on Cisco Expressway Core is search rules, followed by transforms.
Question 2
Which two components are mandatory when implementing a Business-to-Business (B2B) collaboration deployment? (Choose two.)
A. SIP trunk between CUCM and Expressway-C
B. Search rules on Expressway-E
C. SIP trunk between CUCM and Expressway-E
D. Traversal client setup on Expressway-E
E. DNS zone configuration on Expressway-C
Answer: A, E
Explanation:
For a Business-to-Business (B2B) collaboration deployment, there are several essential components required for the solution to work correctly. Among these, the SIP trunk between CUCM and Expressway-C and the DNS zone configuration on Expressway-C are mandatory.
Here’s a detailed explanation of why these are necessary:
SIP trunk between CUCM and Expressway-C (Option A):
In a B2B collaboration deployment, the Cisco Unified Communications Manager (CUCM) needs to be able to route calls to external entities. The SIP trunk between CUCM and Expressway-C is the communication path that enables CUCM to send and receive calls to and from the Expressway Core, which then forwards those calls to the external B2B destination.DNS zone configuration on Expressway-C (Option E):
DNS zone configuration is essential for identifying and reaching the external destinations or partners that you are collaborating with. The DNS zone on Expressway-C ensures that Expressway can resolve domain names to IP addresses for external resources like other Expressway systems or partners. Without this configuration, the call routing and traversal features cannot function properly.
Now, addressing the other options:
Search rules on Expressway-E (Option B):
While search rules are important for call routing within Expressway-E, they are not mandatory for a B2B deployment. The essential requirements for a B2B deployment focus on the ability to reach external networks, which the SIP trunk and DNS zone enable.SIP trunk between CUCM and Expressway-E (Option C):
The SIP trunk between CUCM and Expressway-E is not mandatory for the B2B collaboration. It is the SIP trunk to Expressway-C that is required for routing between CUCM and the external partner. The Expressway-E serves as the outbound traversal point, but the core communication link with CUCM goes through Expressway-C.Traversal client setup on Expressway-E (Option D):
The traversal client setup on Expressway-E is typically used for more advanced configurations or ensuring that the system can handle calls through a firewall or NAT. While it's often required for a full B2B setup, it's not the mandatory component for basic deployments that require only a SIP trunk and DNS configuration to establish the external call path.
Thus, the mandatory components are SIP trunk between CUCM and Expressway-C and DNS zone configuration on Expressway-C for a successful B2B collaboration deployment.
Question 3
What is a necessary configuration step when setting up a Cisco Expressway solution?
A. Configure Expressway-E using a non-traversal server zone
B. Activate static NAT only on Expressway-E
C. Turn off H.323 mode on Expressway-E
D. Enable H.460.19 demultiplexing on Expressway-C
Answer: A
Explanation:
To set up a Cisco Expressway solution correctly, a key step is to configure Expressway-E using a non-traversal server zone. The Cisco Expressway-E typically serves as the gateway for external communication, allowing access through firewalls or NAT (Network Address Translation). The non-traversal server zone ensures that the Expressway-E handles connections from outside the firewall and ensures secure communication with external devices such as mobile clients, web clients, or other network endpoints.
When configuring Cisco Expressway for secure communication, the Expressway-E plays a pivotal role in managing secure firewall traversal and NAT. By setting up a non-traversal server zone, the system can accept incoming traffic without needing to traverse the firewall, simplifying the configuration and improving the system's security. This zone handles calls from external entities, such as remote devices or clients, securely routing them back into the internal network without needing direct access to internal resources.
Let’s review the other options to understand why they are not correct:
B. Activate static NAT only on Expressway-E: While static NAT is necessary for Expressway-E when it's placed in certain network configurations, it is not the critical configuration step for setting up the system. Static NAT ensures that the internal IP of Expressway-E is mapped to a consistent external IP, which can be essential for external communications. However, it is not the primary configuration needed to establish the Expressway solution. The non-traversal server zone (Option A) plays a more crucial role.
C. Turn off H.323 mode on Expressway-E: H.323 mode is an older video and voice protocol that might not be required in every configuration. Cisco Expressway supports various protocols like SIP, but disabling H.323 mode is not typically required unless the system specifically needs to be set up with newer protocols. It is not a necessary configuration step when setting up the Cisco Expressway solution.
D. Enable H.460.19 demultiplexing on Expressway-C: H.460.19 is a protocol that provides traversal through NAT for H.323 devices. However, enabling this feature on Expressway-C (which is responsible for internal calls and local communications) is not a critical step for the initial setup of the Cisco Expressway solution. H.460.19 is more useful in specific scenarios where H.323 protocol support is necessary, but it is not the foundational step for configuring Expressway as a whole.
Thus, A is the correct choice because configuring a non-traversal server zone on Expressway-E is a fundamental and necessary step for establishing the Expressway solution.
Question 4
What is a required configuration step when setting up Cisco Jabber in a hybrid or cloud-based environment?
A. Add Jabber users to Cisco Unity Connection
B. Register Jabber users on Expressway-E
C. Register Jabber users on Expressway-C
D. Provision Jabber users in the Cisco Webex Administration Tool
Answer: B
Explanation:
When setting up Cisco Jabber in a hybrid or cloud-based environment, one essential configuration step is to register Jabber users on Expressway-E. Expressway-E serves as the external-facing component of the Cisco Expressway solution, enabling Jabber clients to connect securely over the internet. By registering Jabber users on Expressway-E, the system ensures that external users (remote workers or mobile devices) can securely access Cisco Unified Communications services, such as voice, video, presence, and instant messaging, via the public internet.
The registration of users on Expressway-E is a critical step in the hybrid or cloud-based configuration because it allows Jabber clients to connect externally and communicate seamlessly with internal services like Cisco Unified Communications Manager (CUCM), Cisco Webex, and other collaboration tools. Expressway-E provides secure firewall traversal and NAT (Network Address Translation) handling, ensuring that Jabber clients, even those behind firewalls or NAT devices, can connect securely and reliably.
Let’s break down the other options to understand why they are not correct:
A. Add Jabber users to Cisco Unity Connection: While Cisco Unity Connection is a unified voicemail system for Cisco collaboration solutions, adding Jabber users to Unity Connection is not a required step when setting up Jabber in a hybrid or cloud environment. Unity Connection deals with voicemail services and does not directly relate to the hybrid setup or the configuration necessary for Jabber to operate securely in a cloud environment.
C. Register Jabber users on Expressway-C: Expressway-C is the internal-facing component of the system, used primarily for calls and services within the enterprise network. It plays a role in managing internal calls, but Jabber users need to register with Expressway-E for external access. Expressway-C would not be used in this context for external Jabber user registration.
D. Provision Jabber users in the Cisco Webex Administration Tool: Provisioning users in the Cisco Webex Administration Tool is necessary for managing user accounts in Webex cloud services, but it is not the first or most important configuration step when setting up Jabber in a hybrid or cloud environment. The initial registration of users on Expressway-E ensures that they can connect securely to the enterprise network and services, which is the crucial first step.
Thus, B is the correct answer because registering Jabber users on Expressway-E is required for ensuring secure external connectivity in a hybrid or cloud-based setup.
Question 5
What is an essential step when configuring Cisco Jabber in a hybrid or cloud deployment?
A. Add the Jabber user to Cisco Unity Connection
B. Add the Jabber user to Expressway-E
C. Add the Jabber user to Expressway-C
D. Add the Jabber user to the Webex Administration Tool
Answer: B
Explanation:
When configuring Cisco Jabber in a hybrid or cloud deployment, a key step is to add the Jabber user to Expressway-E. This is because Expressway-E is the external-facing component of the Cisco Expressway solution, facilitating secure communication between internal services and users outside the corporate network. Expressway-E handles the necessary traversal through firewalls and NAT (Network Address Translation), which allows Jabber users to connect securely from external networks, such as from remote offices or mobile devices.
Adding Jabber users to Expressway-E ensures that external Jabber clients can authenticate and access various Unified Communications services, such as voice, video, presence, and instant messaging, over the internet. This is particularly important in hybrid or cloud-based deployments where Jabber clients are often outside the corporate network and need secure, seamless access to services like Cisco Unified Communications Manager (CUCM) and Cisco Webex.
Now, let's explore why the other options are not the most appropriate:
A. Add the Jabber user to Cisco Unity Connection: Cisco Unity Connection is an integrated voicemail solution for Cisco Collaboration. While it might be important to configure voicemail access for Jabber users, it is not the primary step needed for hybrid or cloud deployment configuration. The essential step for external connectivity is ensuring the Jabber client can securely connect through Expressway-E.
C. Add the Jabber user to Expressway-C: Expressway-C is responsible for handling internal communications and internal firewall traversal. While important for internal services, it is not the necessary step for setting up hybrid or cloud deployments, as external users (especially those outside the corporate network) must connect through Expressway-E, not Expressway-C.
D. Add the Jabber user to the Webex Administration Tool: While adding users to the Webex Administration Tool is necessary for managing Webex accounts and configurations, it is not the step required for setting up Jabber in a hybrid or cloud environment. The critical configuration for external connectivity is accomplished by adding the user to Expressway-E.
Thus, B is the correct answer because adding the Jabber user to Expressway-E is essential for ensuring external users can connect securely and access services in a hybrid or cloud deployment.
Question 6
Which two licenses are necessary for Cisco's Business-to-Business (B2B) feature to operate properly? (Choose two.)
A. Traversal Server license
B. TURN Relays license
C. Rich Media Sessions license
D. Advanced Networking license
E. Device Provisioning license
Answer: A, B
Explanation:
For Cisco's Business-to-Business (B2B) feature to operate properly, two important licenses are required: the Traversal Server license and the TURN Relays license.
Traversal Server License: This license is essential for enabling the traversal server functionality, which allows secure communication between devices located behind firewalls or NAT (Network Address Translation) devices. The Traversal Server enables seamless communication across network boundaries, ensuring that devices in different networks can connect to each other, even when they are behind restrictive firewalls. This is crucial for B2B communication, which involves connecting organizations or business partners securely over the internet.
TURN Relays License: The TURN (Traversal Using Relays around NAT) protocol is used to relay media traffic between devices when direct peer-to-peer communication is not possible due to firewalls or NAT. For B2B scenarios, TURN relays are vital to enable secure media transmission between devices located in different networks, ensuring that audio, video, and other forms of communication can be relayed properly. A TURN Relays license is required to activate this capability in the system.
Now, let's review why the other options are not the correct answer:
C. Rich Media Sessions License: The Rich Media Sessions license enables advanced media features, such as high-definition video and interactive collaboration features. While useful for enhancing media experiences, this license is not specifically necessary for B2B communication. The focus of B2B communication is ensuring secure connectivity across firewalls and NATs, which is primarily handled by the Traversal Server and TURN relays.
D. Advanced Networking License: The Advanced Networking license offers features related to network optimization, but it is not required specifically for B2B communication. The Traversal Server and TURN relays are more directly related to ensuring successful communication between external organizations.
E. Device Provisioning License: The Device Provisioning license pertains to the provisioning of endpoints and devices in a Cisco network, but it is not essential for B2B functionality. This license deals with the automatic configuration and management of devices, not specifically with enabling secure external communications in a business-to-business context.
Thus, the correct answers are A and B, as these licenses enable the essential features for secure B2B communication in Cisco's system.
Question 7
When Expressway-E uses a single NIC with NAT, how should the traversal client zone on Expressway-C be configured?
A. Enable TLS verification
B. Set the zone profile to default
C. Use the NAT address of Expressway-E as the peer address
D. Use the LAN IP address of Expressway-E as the peer address
Answer: C
Explanation:
When Expressway-E uses a single NIC with NAT (Network Address Translation), the correct configuration for the traversal client zone on Expressway-C is to use the NAT address of Expressway-E as the peer address. This is because Expressway-E, in this configuration, is typically deployed outside of the corporate network (i.e., in a DMZ or external network), and the NAT address represents the publicly accessible IP address that external clients use to connect to Expressway-E.
When configuring the traversal client zone on Expressway-C (which is typically used to manage internal communications), it needs to know how to reach Expressway-E across the network boundary. Since Expressway-E is behind NAT, Expressway-C must use the public NAT address of Expressway-E to ensure that it can properly route calls and traffic to the correct external IP.
Let's review why the other options are not correct:
A. Enable TLS verification: While TLS verification (Transport Layer Security) might be used for securing communication between Expressway servers, it is not the key configuration step required in this situation. The key configuration is ensuring that Expressway-C knows how to reach Expressway-E through the NAT address, not necessarily enabling TLS verification at this stage.
B. Set the zone profile to default: The zone profile determines the specific settings for the traversal zone (e.g., whether it's secure or using specific protocols). While default zone profiles can work for many configurations, it is not the key to resolving NAT issues. In this case, specifying the NAT address is more important for ensuring the correct routing of external traffic.
D. Use the LAN IP address of Expressway-E as the peer address: This would only be appropriate if Expressway-E were in the internal network and not behind NAT. Since Expressway-E is using NAT, Expressway-C needs to be configured with the public NAT address of Expressway-E to correctly route traffic through the external network. Using the LAN IP address would not work as Expressway-C would not be able to reach it from outside the internal network.
Therefore, the correct answer is C because the NAT address of Expressway-E is needed to route external traffic properly when NAT is used.
Question 8
How can an administrator restrict external callers from reaching a specific internal destination via Cisco Expressway?
A. Use a call policy rule on Expressway-E to block the call
B. Block the specific URI in the firewall section of Expressway
C. Apply a Feature Access Code (FAC) for the target alias
D. Create a search rule to route all calls through Cisco UCM
Answer: A
Explanation:
To restrict external callers from reaching a specific internal destination via Cisco Expressway, the administrator can use a call policy rule on Expressway-E to block the call. A call policy rule allows administrators to define specific criteria for controlling how calls are handled by Expressway-E. This can include conditions such as blocking calls from certain external sources to specific internal destinations.
For example, an administrator might create a policy rule to prevent calls from external callers (those coming from outside the internal network) from reaching a specific internal URI (Uniform Resource Identifier) or destination. This gives the administrator fine-grained control over which calls are allowed and which should be blocked, especially useful for managing security and controlling which external entities can access internal resources.
Let’s break down why the other options are not the best solutions:
B. Block the specific URI in the firewall section of Expressway: While blocking access to specific URIs (Uniform Resource Identifiers) is a way to restrict certain types of traffic, the firewall section of Expressway is typically used for controlling traffic at a higher network level, such as IP addresses and ports. The call policy rule provides more granular control over calls and can specifically block calls to particular destinations or URIs, which makes it a more appropriate solution.
C. Apply a Feature Access Code (FAC) for the target alias: Feature Access Codes (FAC) are used to enable or disable specific features or services for endpoints. Applying a FAC for a target alias would not effectively block calls; it would only control access to specific features. It is not the ideal solution for blocking external calls from reaching an internal destination.
D. Create a search rule to route all calls through Cisco UCM: A search rule is used for defining how calls are routed based on dialed patterns and other criteria. However, creating a search rule that routes all calls through Cisco Unified Communications Manager (UCM) does not specifically address blocking or restricting external calls. Search rules are about routing calls, not about blocking or restricting access to certain destinations.
Therefore, the correct answer is A because using a call policy rule on Expressway-E allows the administrator to block specific calls, ensuring that external callers cannot reach certain internal destinations.
Question 9
What is required on Cisco Expressway-E to allow secure media traversal when endpoints are behind NAT?
A. Enable H.323 to SIP interworking
B. Configure a DNS zone for public endpoints
C. Activate TURN services for media relay
D. Disable TLS encryption on media ports
Answer: C
Explanation:
To allow secure media traversal when endpoints are behind NAT (Network Address Translation) on Cisco Expressway-E, the key configuration required is to activate TURN services for media relay. TURN (Traversal Using Relays around NAT) is a protocol that helps relay media between endpoints when direct peer-to-peer communication is not possible, such as when both endpoints are behind NAT devices. By enabling TURN services, Expressway-E acts as a relay server that ensures media traffic (like voice and video calls) can be securely transmitted even if the endpoints cannot directly communicate due to NAT restrictions.
The TURN protocol is necessary for handling media traversal across NATs, especially in environments where endpoints are behind NAT or firewalls. Without TURN services, media traffic could be blocked or fail to establish properly, resulting in communication issues for remote users or mobile devices. This service helps ensure that Cisco Expressway-E can handle the media relay securely and effectively in scenarios where the endpoints are behind NAT.
Let's review the other options to understand why they are not correct:
A. Enable H.323 to SIP interworking: While H.323 to SIP interworking can be useful when working with mixed environments that support both protocols, it is not directly related to enabling secure media traversal for NAT scenarios. The TURN relay functionality is specifically designed to handle media traversal issues, which is the primary concern when dealing with NAT and secure media transmission.
B. Configure a DNS zone for public endpoints: Configuring a DNS zone for public endpoints helps in resolving the IP addresses of external devices or endpoints but does not directly address the media traversal issue caused by NAT. The TURN relay service, as mentioned earlier, is the core solution for secure media traversal.
D. Disable TLS encryption on media ports: Disabling TLS encryption would reduce security and is not a recommended practice. TLS (Transport Layer Security) provides encryption for signaling and media traffic, ensuring secure communications. Disabling TLS would expose communications to security risks and does not resolve issues related to media traversal behind NAT.
Therefore, the correct answer is C because activating TURN services enables secure media traversal for endpoints behind NAT, ensuring reliable media relay.
Question 10
Which method allows remote Cisco Jabber users to register with CUCM without a VPN connection?
A. Deploy Cisco Jabber Guest
B. Use Expressway-E and Expressway-C for Mobile and Remote Access (MRA)
C. Enable LDAP integration on Cisco Unity Connection
D. Configure a SIP trunk directly to Cisco Webex
Answer: B
Explanation:
To allow remote Cisco Jabber users to register with Cisco Unified Communications Manager (CUCM) without requiring a VPN connection, the solution is to use Expressway-E and Expressway-C for Mobile and Remote Access (MRA). MRA enables remote users to access corporate UC (Unified Communications) services, such as Jabber, securely over the internet, without the need for a traditional VPN connection. Expressway-E and Expressway-C work together to provide secure traversal across firewalls and NAT environments, ensuring that remote Jabber users can connect to CUCM from outside the corporate network.
Expressway-E handles the external-facing communication, allowing remote devices (like Jabber clients) to access the internal network securely.
Expressway-C manages internal communications and works with CUCM to route the calls and register remote users effectively.
This configuration ensures that Jabber users can register and use their UC services securely, without requiring a VPN connection to the corporate network, which is especially important for mobile users or those working remotely.
Let's review the other options to understand why they are not correct:
A. Deploy Cisco Jabber Guest: Cisco Jabber Guest is a solution designed for external participants to join a meeting or collaboration session. It is not meant for remote users to register with CUCM. While it allows guest access to meetings, it does not provide the full CUCM registration capabilities required for remote Jabber users.
C. Enable LDAP integration on Cisco Unity Connection: LDAP integration on Cisco Unity Connection helps synchronize user directories for voicemail services, but it is not relevant to remote Jabber user registration. The CUCM registration for Jabber users is facilitated through MRA (via Expressway), not through LDAP integration with Unity Connection.
D. Configure a SIP trunk directly to Cisco Webex: While SIP trunks can be used for voice and video calls, configuring a SIP trunk directly to Cisco Webex does not address the need for remote Jabber registration with CUCM. Webex is a separate cloud-based service, and this configuration is not focused on enabling remote Jabber client registration with CUCM.
Thus, the correct answer is B because using Expressway-E and Expressway-C for MRA enables remote Jabber users to register with CUCM securely, without requiring a VPN.
