[March-2023]300-820 Dumps PDF and VCE Free Download in Braindump2go[Q58-Q99]

March/2023 Latest Braindump2go 300-820 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 300-820 Real Exam Questions!

Which DNS record and port combination must be resolved externally for Mobile and Remote Access to be used?

A. _collab-edge on port 8443
B. _cisco-uds-edge on port 5061
C. _collab-edge on port 5061
D. _cisco-uds on port 8443

Answer: A
8443 is required from the public IP address of the expressway for collab-edge SRV records.

Cisco Collaboration endpoints are exchanging encrypted signaling messages.
What is one major complication in implementing NAT ALG for voice and video devices?

A. Internal endpoints cannot use addresses from the private address space.
B. The NAT ALG cannot inspect the contents of encrypted signaling messages.
C. NAT ALG introduces jitter in the voice path.
D. Source addresses cannot provide the destination addresses that remote endpoints should use for return packets.

Answer: B
A NAT ALG is similar to a firewall ALG, but a NAT ALG actually changes (maps) the addresses and ports in the signaling messages. The NAT ALG cannot inspect the contents of encrypted signaling messages.

Which step is taken when configuring a Cisco Expressway solution?

A. Configure the Expressway-E by using a non-traversal server zone.
B. Enable static NAT on the Expressway-E only.
C. Disable H.323 mode on the Expressway-E.
D. Enable H.323 H.460.19 demultiplexing mode on the Expressway-C.

Answer: B

An administrator is configuring a new Cisco Webex Hybrid Message Service deployment, and the Expressway-C Message Connector is successfully registered in the Control Hub. After the server information of the IM and Presence server is added to the Expressway-C, an error “Connectivity to IM and Presence AXL Service could not be established” is displayed in the Control Hub. The Cisco AXL Web Service is enabled on the IM and Presence Service publisher, and the main administrator account enabled for AXL API permission is being used.
Which configuration change must be made to resolve this error?

A. Enable the Cisco AXL Web Service on the Control Hub
B. Enable the Cisco AXL Web Service on the Expressway-C Message Connector
C. Enable an End User account for AXL.API permissions on the IM and Presence Service publisher
D. Enable a second administrator account for AXL API permissions on the IM and Presence Service publisher

Answer: D
Configure an account for Message Connector to access the AXL API of the Cisco Unified Communications Manager IM and Presence Service. You must use an independent administrator account, not the main administrator account.

Refer to the exhibit. When configuring a search rule that routes calls to a zone, what occurs when 13358 is dialed?

A. 13358 is replaced by 135, and then is sent to the local zone.
B. 13358 is replaced by 135 and remains in the same zone.
C. 13358 is replaced by 135, and then is sent to the traversal zone.
D. 13358 is sent directly to the traversal zone.

Answer: C

Refer to the exhibit. If the Webex Teams device cannot connect to Video Mesh Cluster-1 because it is busy, which media node does the Webex Teams device connect to next?

A. Both Cloud Node US-EAST and US-WEST
B. Video Mesh Cluster-2
C. Cloud Node US-EAST
D. Cloud Node US-WEST

Answer: B
“Which cluster is used also depends on latency rather than just location. For example, a cloud cluster with lower STUN round-trip (SRT) delay than a Webex Video Mesh cluster may be a better candidate for the meeting. This logic prevents a user from landing on a geographically far cluster with a high SRT delay”.

Refer to the exhibit. Which description of the transformation is true?

A. It converts [email protected]:<port> to [email protected]
B. It changes all patterns that begin with [email protected]:<port> to [email protected]
C. It changes [email protected]:<port> to [email protected]
D. It converts [email protected]:<port> to [email protected]

Answer: A

You must install an Expressway Edge server pair to enable mobile and remote access for a customer network. Which two requirements are used to install an MRA solution successfully? (Choose two.)

A. Configure your firewalls to allow traffic from Expressway-Core to Expressway-Edge servers and to allow traffic from internet hosts to Expressway-Edge servers.
You do not need to configure firewall rules for traffic from Expressway-Edge to Expressway Core servers.
B. You can deploy Edge servers with multiple network interfaces or with a single network interface.
In both scenarios, you must enable NAT for the Internet-facing interface if you are using private Ip addresses.
C. Make sure that Expressway-Edge and Expressway-Core servers have their server certificates signed by the same certification authority and the CA certificate is uploaded to the trusted CA store otherwise the Traversal zone will not work.
D. Configure DNS SRV records according. Make sure that you can resolve DNS SRV record_collab- edge_tls.yourdomain.com outside your company network.
Make sure that you cannot resolve it inside your company network.

Answer: CD

Which two statements about Expressway-C / Expressway-E Firewall Traversal are correct? (Choose two.)

A. SIP or H.323 “fixup” ALG or awareness functionality must be enabled on the NAT firewalls.
B. The communications between Expressway-C and Expressway-E are always initiated from the Expressway-C to the Expressway-E.
C. The communications between Expressway-C and Expressway-E are always initiated from the Expressway-E to the Expressway-C.
D. SIP or H.323 “fixup” ALG or awareness functionality must be disabled on the NAT firewalls.
E. SIP or H.323 “fixup” ALG or awareness functionality must be enabled on the NAT firewall between the DMZ and the Internet only.

Answer: BD

Which media encryption mode can be configured on an Expressway zone?

A. Advanced Encryption Standard
B. IPsec
C. Triple Data Encryption Standard
D. force unencrypted

Answer: D
Available modes are “Force encrypted, Force unencrypted, Auto and Best Effort”.

What is the purpose of a transform in the Expressway server?

A. A transform has the function as a neighbor zone in the Expressway. It creates a connection with another server.
B. A transform changes the audio codec when the call goes through the Expressway.
C. A transform is used to route calls to a destination.
D. A transform changes an alias that matches certain criteria into another alias.

Answer: D

A Cisco Webex Hybrid Video Mesh Node can be installed in the DMZ and on the internal network.
Which statement is true?

A. Webex Cloud supports either a DMZ-based Mesh Node for security or an internal-based Mesh Node for media control only.
B. Installing a Video Mesh Node in the DMZ requires you to open TCP and UDP port 4444 in your internal firewall for full clustering functionality.
C. Installing a Video Mesh Node in the DMZ requires the external firewall to allow UDP traffic from ANY port to the address of the Video Mesh Nodes via port 5004.
D. Using internal Video Mesh Node also works due to Mobile and Remote Access setup for Webex Teams clients. A DMZ node is added for extra security.

Answer: C
The external firewall will need to allow UDP traffic from ANY port to the address of the Video Mesh Nodes via port 5004, so that roaming Webex Teams endpoints can send media to the nodes. This is not a preferred approach.

An organization with a domain name of example.com.
Which two SRV records are valid for a SIP and H.323 communication? (Choose two.)

A. _sips._tcp.example.com
B. _sips._udp.example.com
C. _h323ls._udp.example com
D. _h323ls._tcp.example.com
E. _collab-edge._tls.example.com

Answer: AC
The format of DNS SRV queries for sip (RFC 3263) and H.323 used by Expressway are:
_sip._udp.<fully.qualified.domain> – not recommended for video calls, only use for audio-only calls
_h323ls._udp.<fully.qualified.domain> – for UDP location (RAS) signaling, such as LRQ
_h323cs._tcp.<fully.qualified.domain> – for H.323 call signaling
The format of DNS SRV queries for sip (RFC 3263) and H.323 typically used by an endpoint are:
_sip._udp.<fully.qualified.domain> – not recommended for video calls, only use for audio-only calls
_h323ls._udp.<fully.qualified.domain> – for UDP location (RAS) signaling, such as LRQ
_h323cs._tcp.<fully.qualified.domain> – for H.323 call signaling
_h323rs._udp.<fully.qualified.domain> – for H.323 registrations

How does an administrator configure an Expressway to make sure an external caller cannot reach a specific internal address?

A. add the specific URI in the firewall section of the Expressway and block it
B. block the call with a call policy rule in the Expressway-E
C. add a search rule route all calls to the Cisco UCM
D. configure FAC for the destination alias on the Expressway

Answer: B

Refer to the exhibit. Which inbound connection should an administrator configure on the outside firewall?

A. Media: UDP 36000 to 36011
B. HTTPS (tunneled over SSH between C and E): TCP 2222
C. SIP: TCP 5061
D. XMPP: TCP 5222

Answer: D
SIP UDP: 5060
SIP TCP: 5060
SIP TLS: 5061
XMPP TCP: 5222
RTP/RTCP: 36000-59999

Which SIP media encryption mode is applied by default for newly created zones in the Cisco Expressway?

A. Off
B. Auto
C. Force Encrypted
D. Best Effort

Answer: B
Auto – no specific media encryption policy is applied by the Expressway. Media encryption is purely dependent on the target system/endpoint requests. This is the default behavior and is equivalent to how the Expressway operated before this feature was introduced.

Which two licenses are required for the Expressway B2B feature to work? (Choose two)

A. Traversal Server
B. Advanced Networking
C. Device Provisioning
D. Rich Media Sessions
E. TURN Relays

Answer: AD

A MRA deployment is being configured where one of the requirements is for registered Jabber users to pull directory photos from an internal server.
What should be configured on the Expressway-C so that MRA registered clients reach this server?

A. A search rule must be created to route the requests to Cisco UCM.
B. The directory photo server must be added to the HTTP allow list.
C. A neighbor zone must be created to the directory photo server.
D. The directory photo server FQDN must be added to the Expressway-C certificate.

Answer: B

An external Jabber device cannot register. While troubleshooting this issue, the engineer discovers that privately signed certificates are being used on Expressway-C and Expressway-E.
What action will resolve this issue?

A. The private CA certificate must be placed in the phone trust store.
B. The Jabber client must register to the Cisco UCM internally before it will register externally.
C. The device running the Jabber client must use a VPN to register.
D. The device running the Jabber client must download and trust the private CA certificate.

Answer: D

Which connection does the traversal zone configuration define?

A. Expressway-E and Collaboration Endpoints
B. Cisco UC and Cisco Unified Presence Server
C. Cisco Expressway-C and Cisco Expressway-E platforms
D. Cisco UCS E-Series and Cisco UCM

Answer: C

An engineer wants to configure a zone on the Expressway-E to receive communications from the Expressway-C in order to allow inbound and outbound calls.
How is the peer address configured on the Expressway-C when Expressway-E has only one NIC enabled and is using static NAT mode?

A. Expressway-E FQDN
C. Expressway-E DHCP

Answer: A

Between which two DTMF relay methods does the Expressway support interworking? (Choose two.)

A. unsolicited notify
B. RFC 2833
D. passthrough
E. H.245 user input indication

Answer: BE
When the Expressway is interworking a call between SIP and H.323, it also interworks the DTMF signaling, but only between RFC 2833 DTMF, and the H.245 user input indicators “dtmf” and “basicString”.

Refer to the exhibit. A new neighbor zone is added for a new Cisco Meeting Server, but the zone is showing a SIP status of failed from the time the zone it was created.
What should be done to resolve this issue?

A. The search rule must be changed to continue on match
B. The existing zone using ID 7 must be deleted
C. More bandwidth must be added to the appropriate pipes
D. The underlying DNS issue must be resolved

Answer: D

What allows endpoints behind a NAT to discover the paths through which they will pass media?


Answer: D

Which two types of information does Cisco Expressway back up? (Choose two.)

A. call records
B. log files
C. IP addresses
D. current call states
E. security certificates

Answer: AE
The data saved to a backup file includes:
– Bootstrap key (from X8.11)
– System configuration settings
– Clustering configuration
– Local authentication data (but not Active Directory credentials for remotely managed accounts)
– User account and password details
– Server security certificate and private key
– Call detail records (if the CDR service on Expressway is enabled)

When a Cisco Webex Video Mesh Node is co figured for an organization, which process does the Webex Teams client use to discover the optimal bridging resource?

A. the lowest STUN round-trip delay to each node and cloud
B. a reachable Video Mesh Node and then overflows to the cloud, if needed
C. the SIP delay header during call setup
D. an HTTPS speed and latency test to each node and the cloud

Answer: B

Which protocol should be used to verify the connectivity for different media paths found during a call using ICE?


Answer: A

Which two considerations must be made when using Expressway media traversal? (Choose two.)

A. It is possible to NAT both Expressway-E interfaces
B. The Unified Communications traversal zone should be used for MRA
C. The Expressway-E must be put in a firewall DMZ segment
D. Expressway Control is the traversal server installed in the DMZ
E. Cisco UCM zone should be either traversal server or client

Answer: BC

Refer to the exhibit. Which two outbound connections should an administrator configure on the internal firewall? (Choose two.)

A. XMPP: TCP 7400
B. SIP: TCP 7001
C. SIP TCP 5061
D. Media: UDP 36012 to 59999
E. HTTPS: TCP 8443

Answer: AB
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/Cisco-Expressway-IP-Port-Usage-for-The internal firewall must allow the following outbound connections from the Expressway-C to the Expressway-E:
SIP: TCP 7001
Traversal media: UDP 2776 to 2777 (or 36000 to 36011 for large
XMPP: TCP 7400
HTTPS (tunneled over SSH between C and E): TCP 2222

Which complication does a NAT introduce in SDP for a SIP call?

A. Additional headers due to NAT encapsulation can cause the packet size to exceed the MTU.
B. When the client is behind a NAT they may be unable to determine the appropriate offset due to time zones.
C. The IP address specified in the connection data field may be an unrouteable internal address.
D. The encryption keys advertised in the SDP are only valid for clients not behind a NAT.

Answer: C
The problem is that if NAT enabled, some firewalls doesn’t write the translated address into the SIP Signalling (fortinet for example has VIP feature that make it works).

Cisco media traversal technology has enabled a secure environment where internal video endpoints call and receive calls from external video endpoints.
How does the Expressway-C and Expressway-E communicate?

A. Expressway-C establishes an outgoing request to Expressway-E, enabling the Expressway-E in the DMZ to notify the internal Expressway-C of an incoming call from an external endpoint.
B. Internal endpoints are registered to Expressway-E in the DMZ. Expressway-C, which is also in the DMZ, will receive and make calls on behalf of Expressway-E because they are in the same network.
C. Expressway-E establishes an outgoing request to Expressway-C, enabling the Expressway-C in the DMZ to notify the internal Expressway-E of an incoming call from an external endpoint.
D. Internal endpoints are registered to Expressway-C in the DMZ. Expressway-E, which is also in the DMZ, will receive and make calls on behalf of Expressway-C because they are in the same network.

Answer: A
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/exwy_b_mra-expressway-deployment-guide/exwy_b_mra- expressway-deployment-guide_chapter_00.html

Which dial plan component is configured in Expressway-C to route a call to the Cisco UCM?

A. call routing
B. traversal subzone
C. call policy
D. search rule

Answer: D
Search rules specify the range of telephone numbers / URIs to be handled by this neighbor Unified CM. They can also be used to transform URIs before they are sent to the neighbor.

Which attribute in the SDP for a call is affected by the static NAT address configuration in an Expressway-E?

A. connection
B. name
C. version
D. bandwidth

Answer: A
c-line shows the connection information, Media IP address.

An engineer is deploying an Expressway solution for the SIP domain Cisco.com.
Which SRV record should be configured in the public DNS to support inbound B2B calls?

A. _collab-edge._tls.cisco.com
B. _cisco-uds._tcp.cisco.com
C. _sip._tcp.cisco.com
D. _cuplogin._tcp.cisco.com

Answer: C
SIP B2B – Cisco SRV Records for business-to-business
_sips._tcp.domain 5061 TLS
_sip._tcp.domain 5060 TCP
_sip._udp.domain 5060 UDP

A call is sent by Cisco UCM to Expressway with a URI of [email protected] If (7508…) @expc1a\.pod8\.test\.lab.* is the pattern string, what would be the replacement string of the transform in Expressway to re-write the call so that it becomes [email protected]?

A. \[email protected]\[email protected]
B. \[email protected]\.pod8\.test\lab.*
C. \[email protected]\.test\.lab
D. \[email protected]\.pod8\.test.lab.!

Answer: C

Refer to the exhibit. Calls to locally registered endpoints are failing. At present, there are two endpoints registered locally to this Expressway.
An H.323 endpoint with an alias of “EndpointA” is registered, and a SIP endpoint with an alias of “[email protected]” is also registered. How is this issue resolved?

A. The dialplan must be redesigned to use the transforms to convert the alias into SIP URI format and then use separate search rules for each format that needs to be dialed within the local zone.
B. The calls are failing because there are insufficient licenses. Additional licenses must be installed for the Expressway to route these calls.
C. The current search rule does not match the call, so the search rule must be modified to include a SIP Variant of “Standards-Based”.
D. Calling parties are placing calls with the wrong domain. End-users must be instructed not to use the pod1.local domain as that is owned by the local system. Calls to any other domain would work.

Answer: A

Refer to the exhibit. An engineer is deploying mobile and remote access in an environment that already had functioning Business to Business calling. Mobile and remote access SIP registrations are failing.
To troubleshoot, SIP logs were collected. How is this issue resolved?

A. Change the SIP profile on the SIP trunk for the Expressway-E to Standard SIP Profile for TelePresence Endpoint
B. Change the “Incoming Port” in the SIP Trunk Security Profile for the Expressway-C to not match SIP line registrations
C. Enable autoregistration for the appropriate DN range on the Cisco UCM servers running the CallManager service
D. Write a custom normalization script since the “vcs-interop” normalization script does not allow registrations

Answer: B
In order to correct this issue, change the SIP port on the SIP Trunk Security Profile that is applied to the existing SIP trunk configured in CUCM and the Expressway-C neighbor zone for CUCM to a different port such as 5065.

Refer to the exhibit. Logins and failing via mobile and remote access. How is this resolved?

A. Mobile and remote access login has not been enabled for the domain configured in the Expressway-C. The domain must be edited to allow Cisco UCM registrations.
B. SIP is disabled on the Expressway-E. The SIP protocol must be enabled on the server.
C. No Cisco UCM servers are configured in the Expressway-C. Servers must be added for CallManager and IM and Presence services.
D. Although a traversal client zone exists, there is no Unified Communications traversal client zone. One must be created.

Answer: D
If you look at the bottom of the diagram, it shows a CUCM server configured and also states at the very bottom that the UC traversal zone is not configured.

Refer to the exhibit. Mobile and remote access is being added to an existing B2B deployment and is failing.

When the administrator looks at the alarms on the Expressway-C, the snippets are shown. Which configuration action should the administrator take to fix this issue?

A. The listening port on the Expressway-C for SIP TCP must be changed to a value other than 5060
B. The listening port on the Expressway-C for SIP TLS must be changed to a value other than 5061
C. The listening port on the Cisco UCM for the Expressway-C SIP trunk must be changed to something other than 5060 or 5061
D. The listening port on the Cisco UCM for the Expressway-C SIP trunk is set to something other than 5060 or 5061. It must be set to 5060 for insecure and 5061 for secure SIP

Answer: C

Refer to the exhibit. The administrator attempted to log in, but Jabber clients cannot log in via mobile and remote access. How is this issue resolved?

A. Skype for Business mode must be disabled on the DNS server because it conflicts with Jabber login requirements.
B. The domain pod1.local must be deprovisioned from the Webex cloud for Jabber logins.
C. A DNS SRV record must be created for _collab-edge._tls.pod1.local that points to the Expressway-D.
D. The username [email protected] is invalid. The user should instead sign-in simply as jabberuser.

Answer: C

Refer to the exhibit showing logs from the Expressway-C, a copy of the Expressway-E certificate, and the UC traversal zone configuration for the Expressway-C.
An office administrator is deploying mobile and remote access and sees an issue with the UC traversal zone. The zone is showing “TLS negotiation failure”. What is causing this issue?

A. The Expressway-E certificate includes the Expressway-C FQDN as a SAN entry
B. The Expressway-C is missing the FQDN of Cisco UCM in the Common Name of its certificate
C. In the UC Traversal Zone on the Expressway-C, the peer address is set to the IP of the Expressway- E, which is not a SAN entry in the Expressway-E certificate
D. The Expressway-E does not have the FQDN of Cisco UCM listed as a SAN in its certificate

Answer: C
Note that if you use an IP address (not recommended), that address must be present in the Expressway-E server certificate.

Resources From:

1.2023 Latest Braindump2go 300-820 Exam Dumps (PDF & VCE) Free Share:

2.2023 Latest Braindump2go 300-820 PDF and 300-820 VCE Dumps Free Share:

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!