Cisco 350-801 Implementing Cisco Collaboration Core Technologies (CLCOR) Exam Dumps and Practice Test Questions Set1 Q1-15
Visit here for our full Cisco 350-801 exam dumps and practice test questions.
Question1:
In a Cisco Unified Communications Manager (CUCM) deployment, an engineer is configuring SIP line registration for a large number of remote teleworkers using Cisco Unified Border Element (CUBE). The security team requires encryption of signaling and media while ensuring interoperability with external SIP trunk providers that support only TLS but not SRTP fallback. Which configuration approach BEST satisfies the requirement?
A) Configure CUCM and CUBE to use TCP for signaling and RTP for media, allowing secure traversal through NAT
B) Configure CUCM and CUBE for TLS signaling and SRTP-only media and ensure the SIP trunk provider supports SRTP passthrough
C) Configure SIP over TLS on CUBE toward CUCM and use SIP UDP toward the service provider to maintain signaling compatibility
D) Configure CUBE to terminate TLS from CUCM and re-encrypt media using SRTP-to-RTP interworking toward the provider
Answer: B
Explanation:
Option A describes a configuration relying on TCP for signaling and RTP for media, which is not encrypted. This contradicts the stated requirement because the security team has mandated encrypted signaling and encrypted media. TCP provides no encryption, and RTP without SRTP provides no media protection. Even if NAT traversal works, this does not fulfill the encryption requirement. The exam often tests the candidate’s knowledge of mandatory security expectations for teleworker deployments, especially when traffic must pass through the public internet. Since the question explicitly requires encryption for both signaling and media, Option A is immediately insufficient. Furthermore, exam questions frequently reinforce that secure communication should not rely solely on transport-layer reliability, and this option fails to satisfy the fundamental security requirement.
Option B presents TLS for signaling and SRTP-only for media, with the requirement that the SIP trunk provider supports SRTP passthrough. This is the only option that directly ensures both encrypted signaling and encrypted media without fallback mechanisms that may create unencrypted gaps. TLS encrypts SIP signaling messages, protecting registration, call control information, and SIP headers that may contain sensitive user details. SRTP protects media streams, ensuring confidentiality and integrity. The exam emphasizes the importance of using SRTP alongside TLS when securing SIP trunks and remote worker communications. SRTP-only configurations do not permit fallback to RTP, meaning calls will fail if the provider does not support SRTP passthrough. The question states the provider supports TLS but does not support SRTP fallback, implying they expect strict SRTP enforcement. Therefore, this option directly satisfies both technical and policy-based requirements, making it the correct answer.
Option C proposes TLS toward CUCM but uses UDP toward the provider. While it preserves encryption toward CUCM, the signaling toward the provider becomes unencrypted. The provider supports TLS; therefore, downgrading to UDP unnecessarily weakens security. Because the requirement mandates encrypted signaling and media for remote workers, using UDP for signaling violates policy. Additionally, losing signaling encryption through CUBE undermines end-to-end confidentiality and exposes sensitive metadata to interception. Exam content stresses that SIP trunk security must be consistent across the signaling path, and mixing encrypted and unencrypted segments is discouraged unless absolutely necessary. Here, it is not necessary, so Option C does not meet the requirement.
Option D offers a scenario involving TLS termination and SRTP-to-RTP conversion. This breaks end-to-end media encryption, which is prohibited by the requirement. Although CUBE can perform media interworking, doing so results in media being decrypted and then re-encrypted—or decrypted without re-encryption—depending on configuration. Since the question explicitly forbids unencrypted media, performing SRTP-to-RTP interworking violates the requirement. The exam often includes scenarios where candidates must recognize that secure deployment means avoiding media termination or conversion that breaks SRTP, unless fully justified and permitted. Here, it is not permitted, eliminating Option D. Thus, the only option that meets all conditions is Option B.
Question2:
A Cisco Unified IM and Presence (IM&P) cluster is deployed across two data centers with high availability enabled. Users report intermittent login failures on Jabber clients and delayed presence updates during failover events. Analysis shows that some clients are not failing over properly to the secondary node. Which design change BEST ensures consistent failover behavior for all Jabber users?
A) Configure DNS SRV records with equal priority and weight for all presence nodes
B) Deploy Cisco Expressway-C/E clusters and have Jabber register exclusively through MRA
C) Implement a CUCM subcluster design with publisher-only presence assignment
D) Use normalized DNS SRV priorities with XMPP load balancing and ensure users have redundant home nodes
Answer: D
Explanation:
Option A suggests configuring DNS SRV records with equal priority and weight for all IM&P nodes. While equal SRV settings distribute load, they do not guide the failover process effectively. When nodes share equal priority, Jabber randomly selects a node during login, but failover behavior during an outage becomes inconsistent. Without structured priority, Jabber may repeatedly attempt failed nodes, prolonging recovery time. The exam frequently tests the candidate’s ability to differentiate between load balancing strategies and failover strategy correctness. Equal priorities emphasize load distribution—not resilience. Therefore, this option fails to ensure consistent failover during node failures.
Option B proposes forcing Jabber to register exclusively through Mobile and Remote Access (MRA). Although MRA offers traversal and secure connectivity for remote users, it does not inherently solve internal presence failover issues. Presence login failures originate from the IM&P node redundancy process, not from signaling traversal. Forcing all users to use Expressway unnecessarily complicates internal infrastructure without addressing the root cause. The exam often stresses that MRA should only be used when necessary and not as a general-purpose failover mechanism. Therefore, this option does not solve the failover inconsistency and introduces architectural overhead.
Option C describes a design with publisher-only assignment for presence. This contradicts IM&P redundancy best practices because the IM&P cluster requires load distribution between nodes, with users assigned home nodes rather than relying on publisher-only assignment. Using only the publisher eliminates high availability and leads to a single point of failure. Exam scenarios often highlight the importance of distributed presence assignments to preserve service continuity. Therefore, this option outright violates best practices.
Option D offers normalized DNS SRV priorities combined with XMPP load balancing and redundant home node assignments. This strategy ensures clients attempt primary nodes first, then secondary nodes in a predictable sequence, aligning with IM&P high-availability requirements. Jabber clients rely heavily on properly configured SRV priorities to determine failover order. XMPP load balancing ensures presence traffic is distributed effectively, reducing load issues that may exacerbate failure conditions. Furthermore, assigning redundant home nodes ensures that if a user’s primary presence node becomes unavailable, Jabber immediately attempts its paired node, reducing log-in failures and slow presence propagation. The exam underscores the importance of predictable redundancy design, especially for IM&P clusters spanning multiple data centers. Therefore, Option D is the correct answer.
Question3:
An engineer is deploying Cisco Unity Connection for voicemail integration with CUCM using SIP. The organization requires guaranteed message waiting indicator (MWI) synchronization and redundancy during node outages. During testing, MWI updates are delayed or missed when a subscriber Unity node fails. What configuration BEST ensures reliable MWI delivery across all CUCM phones?
A) Configure SIP MWI using only the publisher Unity node
B) Use dual SIP integrations to both Unity nodes and configure CUCM MWI fallback logic
C) Assign all MWI ports exclusively to one subscriber node for load balancing
D) Implement SCCP integration instead of SIP to ensure more reliable MWI signaling
Answer: B
Explanation:
Option A suggests using only the publisher Unity node for SIP MWI, but this defeats redundancy. If the publisher experiences issues or becomes unreachable, all MWI signaling is interrupted. The exam emphasizes that voicemail systems must be designed with redundancy to avoid single points of failure. Unity Connection supports multiple nodes in a cluster, and SIP integration should be configured to leverage both nodes. Using only the publisher is inconsistent with the requirement of guaranteed synchronization and redundancy.
Option B describes dual SIP integrations to both Unity nodes, with CUCM configured for MWI fallback. This is the recommended and documented design for Unity Connection high availability. CUCM can route SIP MWI notifications via multiple SIP trunks mapped to different Unity nodes. When one node fails, CUCM fails over the MWI signaling to the other trunk, ensuring message updates are delivered without delay. The exam often includes questions about MWI reliability because missed or delayed MWI updates create significant user disruption. By configuring dual integrations and fallback logic, the engineer ensures that both voicemail access and MWI signaling remain functional even when a subscriber node fails. This directly satisfies the requirement for guaranteed synchronization and redundancy, making this option correct.
Option C attempts to use only one subscriber node for all MWI ports. While this may improve consistency in a normal environment, it reduces redundancy. If that subscriber node fails, all MWI updates stop. The question specifically states that MWI updates fail during subscriber node outages, and this option reinforces that problem rather than solving it. The exam evaluates understanding of proper redundancy design, and centralizing MWI on one node is poor practice.
Option D suggests using SCCP instead of SIP. While SCCP historically supported robust MWI mechanisms, Cisco has moved toward SIP for modern voicemail integrations. SCCP integration is not more reliable in this context and is not preferred for high availability deployments. Furthermore, switching integration protocols does not inherently solve the redundancy and failover issue unless properly architected. The question’s requirements can already be satisfied using SIP. Therefore, this option does not align with recommended best practices.
Question4:
A company deploys Cisco Expressway-C and Expressway-E for Mobile and Remote Access (MRA). Remote Jabber users randomly experience failed registrations and intermittent call failures. Logs reveal that traversal zones occasionally reject SIP requests due to certificate validity errors. Security policies require certificate-based authentication and TLS verification. What adjustment MOST effectively resolves the issue?
A) Replace Expressway certificates with self-signed certificates to bypass external validation
B) Ensure the full certificate chain, including intermediate CA certificates, is installed correctly on both Expressway-C and Expressway-E
C) Disable TLS verification and allow SIP over TCP for MRA traffic
D) Configure Jabber to ignore certificate warnings during registration
Answer: B
Explanation:
Option A suggests reverting to self-signed certificates, which is not compliant with security policies. Self-signed certificates weaken trust validation because they are not anchored by a known certificate authority. Expressway-based MRA authentication depends heavily on certificate validity checks between C and E nodes, as well as between Expressway and Jabber clients. Self-signed certificates would cause additional validation failures rather than prevent them. The exam frequently stresses the importance of trusted, CA-signed certificates for MRA.
Option B addresses the core issue: missing intermediate certificates. When Expressway receives or presents a certificate, both sides must verify the entire certificate chain. If intermediate certificates are absent or improperly installed, TLS verification fails, resulting in denied traversal attempts and rejected SIP requests. Remote Jabber registration depends on Expressway-E correctly validating both client certificates and server certificates issued by the internal PKI or public CA. The exam highlights that incomplete certificate chains are a common cause of intermittent failures because some devices cache certificates while others request full validation each time. Ensuring that both Expressway-C and Expressway-E have a complete chain prevents random rejections and ensures consistent TLS handshake behavior. Therefore, this option directly resolves the issue and meets policy requirements.
Option C—disabling TLS verification—violates the stated security policy. Security policies require certificate-based authentication and TLS verification, so bypassing security checks is explicitly forbidden. Exam questions often challenge candidates to recognize that disabling security is never an acceptable solution in enterprise environments.
Option D suggests configuring Jabber to ignore certificate warnings. This does not address the underlying certificate chain issues and creates a risky security posture. Jabber ignoring warnings does not fix server-side certificate validation failures. Instead, it masks the symptoms while allowing insecure behavior. Cisco exam content emphasizes maintaining proper chain validation rather than user-level overrides.
Thus, Option B is the appropriate solution.
Question5:
A Cisco Contact Center Express (UCCX) system is integrated with CUCM using JTAPI. During peak call hours, agents report delayed call routing, long wrap-up times, and occasional call failures. System monitoring shows high CPU utilization on the CUCM subscriber handling CTI Manager services. Which solution BEST improves stability and performance?
A) Move CTI Manager services to the CUCM publisher to balance load across nodes
B) Deploy an additional CUCM subscriber dedicated to CTI Manager services and reassign UCCX to the new node
C) Increase agent timeout values in UCCX scripts to reduce transaction volume
D) Configure UCCX to use SIP-based call control instead of JTAPI to reduce dependency on CTI Manager
Answer: B
Explanation:
Option A recommends moving CTI Manager to the CUCM publisher, but the publisher should not be burdened with high-volume production CTI workloads. Publisher nodes are typically reserved for database writes and administrative tasks. Adding CTI traffic increases load and can jeopardize cluster performance. The exam emphasizes that the publisher is not designed for real-time CTI tasks.
Option B is the correct solution because adding another CUCM subscriber specifically for CTI Manager allows UCCX to offload CTI signaling from the overloaded node. UCCX relies heavily on JTAPI and CTI Manager for call routing, agent state control, and call distribution. When CTI Manager is overloaded, delays ripple through UCCX, causing slow routing, delayed wrap-up processing, and occasional call handling failures. The exam frequently tests the candidate’s understanding of how CTI scaling correlates to CUCM node load. Deploying an additional subscriber and assigning UCCX to that node improves redundancy, performance, and fault tolerance.
Option C increases timeout values in scripts, but this merely hides symptoms rather than solving the underlying performance issue. Increasing timeout values does not reduce load; it prolongs steps in call flows, potentially increasing queue time and degrading user experience. This approach is not aligned with best practices.
Option D proposes using SIP instead of JTAPI, but UCCX fundamentally relies on JTAPI. SIP cannot replace JTAPI for agent control, call state tracking, and routing logic. JTAPI is required for UCCX functionality. Changing call control protocol does not address CTI Manager overload, nor is it feasible in UCCX architecture.
Question6:
A Cisco Unified Communications Manager cluster is supporting a large enterprise with multiple remote sites connected through a WAN. Users at several sites report intermittent one-way audio when making SIP-based intersite calls routed through CUBE. Packet captures reveal that media packets are being sent to an incorrect IP address during call setup. The engineer discovers that early media is being negotiated before CUBE finishes updating the SDP with the correct media address. Which configuration change BEST resolves the issue?
A) Enable SIP UDP instead of TCP to speed up signaling and reduce negotiation delay
B) Configure CUBE to disable early media and require a 200 OK before sending media paths
C) Set CUCM to use delayed-offer SDP for all SIP trunk calls toward CUBE
D) Enable symmetric RTP on CUBE to force media to be anchored consistently
Answer: C
Explanation:
Option A suggests using SIP UDP instead of SIP TCP to speed up signaling. Although UDP is lighter and sometimes used for SIP signaling, it does not influence the SDP negotiation sequence or how early media is exchanged between endpoints. The problem described involves the wrong media IP being used because early media occurs before CUBE has the chance to modify the SDP. UDP does not meaningfully change the fact that early media may be sent prematurely. Additionally, UDP is not recommended in enterprise environments due to reliability concerns. Therefore, this option does not address the root cause and is not consistent with Cisco design recommendations.
Option B proposes disabling early media on CUBE and requiring a 200 OK before media flows. While this sounds like a potential solution, disabling early media can break legitimate call flows that require early media—such as IVRs, ringback tones generated by remote carriers, and certain services that rely on provisional responses like 183 Session Progress. Early media plays an important role in signaling progress information and ensuring proper call handling. Disabling it can cause functionality issues and is not the recommended approach. The exam often tests whether candidates understand the implications of early media on SIP call flows and why disabling it is rarely the correct solution.
Option C explains using delayed-offer SDP on CUCM for SIP trunks toward CUBE. In a delayed-offer model, the initial INVITE does not include SDP. Instead, CUCM waits until the 200 OK response before including SDP. This gives CUBE the necessary opportunity to anchor, modify, or allocate the correct media address before any media packets are exchanged. This approach directly addresses the issue described: early media is being negotiated incorrectly because the offer arrives too early, before CUBE can process it. Delayed-offer SDP ensures that SDP negotiation happens at a more predictable and controlled point in the call setup, eliminating the mismatch of media addresses. This aligns with Cisco best practices for SIP trunking, especially in multi-site deployments using CUBE. Therefore, this is the correct answer.
Option D suggests enabling symmetric RTP. Although symmetric RTP can help with NAT traversal by making endpoints send RTP back to the IP/port where they received RTP from, it does not resolve incorrect SDP addresses being offered too early. Symmetric RTP only influences media directionality and NAT compatibility—it cannot correct premature or incorrect SDP negotiation. The root cause is early SDP negotiation, not NAT traversal or symmetric behavior. As a result, this option is not a valid fix.
Thus, Option C is the correct answer because delayed-offer SDP ensures that CUBE sees the completed signaling context before media is negotiated, preventing mismatched media IP addresses and eliminating the one-way audio issue.
Question7:
A company is migrating from SCCP phones to SIP phones across all branches. After migration, users report that conference calls initiated on SIP phones intermittently fail, especially when participants are from different regions connected through different SIP trunks. CUCM traces show multiple re-INVITE messages being sent during call setup and mid-call, leading to failures due to mismatched media capabilities. Which configuration adjustment is MOST effective in ensuring stable conferencing?
A) Disable MTP on all SIP trunks to avoid unnecessary media anchoring
B) Enable MTP on the SIP profiles used by the phones to standardize codec negotiation
C) Change all SIP trunks to early-offer to reduce mid-call re-INVITE messages
D) Remove all non-G.711 codecs from phone device pools to simplify negotiation
Answer: B
Explanation:
Option A proposes disabling MTP everywhere, which may worsen the problem. MTP (Media Termination Point) acts as a stabilizer for SIP feature support, especially in scenarios involving conferencing, supplementary services, and interworking between regions. When multiple SIP trunks and SIP endpoints with varied capabilities are involved, CUCM might send multiple re-INVITEs to align media capabilities. Without an MTP, these negotiations can become unstable. The problem described clearly relates to inconsistent media capabilities, making MTP essential rather than optional. Thus, disabling MTP creates more instability and does not solve the core issue.
Option B proposes enabling MTP on the SIP profiles used by the phones. This ensures consistent media handling, removes the dependency on end-to-end codec matching, and stabilizes re-INVITE negotiations. When conferencing features are invoked, CUCM may require a mid-call re-INVITE to negotiate additional capabilities such as conference bridges or multipoint signaling. SIP phones across regions may advertise different codec sets or different support for features like DTMF, which can cause the re-INVITE sequence to fail. By anchoring media through MTP, CUCM can normalize codec expectations, support DTMF interworking, and reduce renegotiation attempts. This leads to more stable conference setup. Cisco strongly recommends enabling MTP in multi-region SIP environments when using advanced call features. Therefore, Option B is the correct answer.
Option C suggests converting all SIP trunks to early-offer. Early-offer can reduce certain types of call setup issues by providing media information earlier in the process, but it does not stabilize mid-call re-INVITEs that occur during conference setup. The failures occur after call establishment when CUCM issues additional re-INVITEs for conferencing. Early-offer has no effect on this mid-call behavior. Therefore, it does not fix the core issue.
Option D recommends removing all non-G.711 codecs. While simplifying codec negotiation can help reduce mismatches, removing codecs can negatively impact WAN bandwidth usage and inter-site call quality. Additionally, codec mismatches are only one cause of failed re-INVITEs—other causes include DTMF mismatches, media feature support, and device-specific capabilities. MTP solves all these issues by acting as a media anchor. Simplifying codecs alone does not ensure consistent conferencing performance. Therefore, this is not the best solution.
Option B is the only solution that directly and comprehensively addresses inconsistent codec capabilities and SIP feature support during conferencing.
Question8:
A Cisco Unified Contact Center Express deployment experiences sporadic agent login failures. Agents report that after entering credentials, the system hangs and then logs them out. CUCM traces show CTI Manager delays and repeated CTI connection resets. Network monitoring reveals that during peak hours the UCCX server sends a high rate of JTAPI messages due to rapid state changes and agent transitions. What change BEST improves stability?
A) Increase heartbeat timers between UCCX and CTI Manager to allow more tolerance for slow responses
B) Configure UCCX to reduce agent state transition frequency by limiting wrap-up options
C) Assign UCCX to a dedicated CTI Manager node to isolate CTI traffic from other services
D) Reduce the number of agents logged in simultaneously to decrease load
Answer: C
Explanation:
Option A proposes increasing heartbeat timers. Although adjusting timers can help in situations where network latency is slightly high, this scenario involves CTI Manager resets due to high traffic volume. Increasing heartbeat timers only delays detection of failures; it does not reduce CTI load. The root cause is excessive JTAPI messaging during peak hours. Increasing timers allows CTI delays to persist longer without immediate resets, but the instability would continue. Exam scenarios often emphasize identifying the source of CTI overload rather than masking symptoms.
Option B proposes reducing agent state transitions by limiting wrap-up options. While wrap-up behavior contributes to JTAPI messaging, agent transition frequency is often driven by real operational requirements, and limiting wrap-up codes does not significantly reduce CTI traffic. The problem stems from CTI Manager being overloaded—not from the wrap-up codes themselves. Reducing wrap-up options restricts agent workflows but does not address the technical root cause.
Option C is the correct answer. Assigning UCCX to a dedicated CTI Manager node ensures that UCCX has exclusive access to CTI services, preventing overload caused by other CUCM functions sharing the same CTI Manager instance. UCCX relies heavily on JTAPI messaging for call routing, state transitions, and agent events. When CTI Manager becomes overloaded, UCCX loses connection stability, leading to login failures and dropped agent states. By isolating CTI traffic on a dedicated subscriber, the CTI load becomes predictable and more manageable. This is a well-established Cisco best practice: large UCCX deployments should use a dedicated CTI Manager node to maintain stability.
Option D proposes reducing the number of agents. While fewer agents lead to fewer events, this is not a feasible operational solution. The system should scale to support required agent counts. Reducing agents avoids the real problem, compromises service levels, and is not a configuration fix.
Thus, Option C directly addresses the root cause and is the best solution.
Question9:
A large multinational enterprise uses Cisco Expressway for B2B video calling. Some external partners report that they cannot establish calls, receiving a 403 Forbidden error. Expressway-E logs show TLS handshake failures between external domains and the enterprise Expressway-E. The security team confirms that TLS verification must remain enabled. What configuration change BEST ensures B2B calls succeed?
A) Disable TLS verification on Expressway-C only
B) Add the external partner’s certificate authority chain to the Expressway-E trusted CA store
C) Switch B2B calls to SIP UDP to avoid TLS altogether
D) Configure DNS to bypass certificate checks for partner domains
Answer: B
Explanation:
Option A disables TLS verification on Expressway-C, not Expressway-E. However, the issue occurs during TLS handshake between external domains and Expressway-E, so modifying Expressway-C does nothing. Additionally, the requirement states that TLS verification must remain enabled. Therefore, disabling verification violates the policy and is ineffective.
Option B proposes adding the partner’s CA chain into Expressway-E’s trusted store. This is the correct approach. TLS handshake failures often occur because Expressway-E does not recognize the CA that signed the external partner’s certificate. Adding their CA chain allows Expressway-E to validate the certificate properly during TLS negotiation, enabling secure and trusted B2B communication. Cisco exam material frequently highlights the importance of properly populated certificate stores in B2B calling scenarios, as missing intermediate certificates are a major source of TLS errors. Therefore, this option directly resolves the issue and maintains compliance with security policies.
Option C suggests switching B2B calls to SIP UDP, but this violates the requirement that TLS must remain enabled. Additionally, B2B calls are typically encrypted over TLS, and UDP cannot replace TLS in this context. It would break security compliance and cause additional compatibility issues.
Option D suggests using DNS to bypass certificate checks, which is both technically incorrect and noncompliant with security policies. Certificate validation is handled through the TLS handshake, not DNS resolution. DNS cannot bypass TLS certificate verification.
Option B is therefore correct.
Question10:
A CUCM cluster is integrated with Cisco Unity Connection for voicemail. During high call volume, some users experience delayed voicemail greetings or timeouts when accessing voicemail. Unity Connection performance logs show congestion on its media ports, and some calls fail to connect due to insufficient port availability. What configuration change BEST improves voicemail performance?
A) Restrict voicemail access to off-peak hours to reduce load
B) Add more media ports to Unity Connection and distribute SIP integration across multiple CUCM subscribers
C) Replace SIP integration with SCCP to reduce port consumption
D) Disable call handlers to reduce processing demand
Answer: B
Explanation:
Option A suggests restricting voicemail access to off-peak hours, which is operationally unrealistic. Voicemail must be available at all times. Limiting access does not address the system performance bottleneck and contradicts typical enterprise requirements.
Option B is the correct solution. Adding more media ports increases the capacity for voicemail greetings, message retrieval, and recording. Distributing SIP integration across multiple CUCM subscribers helps balance signaling load, reducing congestion and preventing subscriber overload. This directly improves performance during high call volume. Unity Connection clusters are designed to scale by adding additional ports, and Cisco best practices recommend distributing integration across multiple CUCM nodes for redundancy and performance.
Option C suggests switching from SIP to SCCP. SIP is the preferred and modern protocol for voicemail integration. SCCP does not inherently reduce port consumption. The performance issue arises from insufficient media resources, not the protocol in use.
Option D proposes disabling call handlers. Call handlers are essential for routing calls within Unity Connection. Disabling them would break core voicemail functionality and does not solve port congestion.
Question11
A collaboration engineer is troubleshooting user complaints that audio calls over the WAN experience intermittent one-way audio. The WAN link shows no packet drops, and MOS levels remain within acceptable ranges. However, the engineer identifies that the RTP traffic is occasionally being marked with CS0 instead of EF. Which action resolves this issue?
A) Modify the WAN router QoS policy to trust DSCP markings from the access layer
B) Configure the access switch to trust the Cisco IP Phone and rewrite DSCP values for voice
C) Change the WAN bandwidth allocation to prioritize video over voice
D) Disable LLDP-MED on all switches to prevent automatic QoS negotiation
Answer: B
Explanation:
This scenario focuses on one of the most critical aspects of Cisco voice and collaboration environments: QoS trust boundaries, DSCP markings, and the integrity of packet classification from endpoint to WAN edge. The root cause described is that RTP packets, which should carry DSCP EF (46), are intermittently being marked as CS0, the default best-effort classification. This behavior leads to one-way audio symptoms, jitter, or impairment even if the network itself is not congested, because the packets are not receiving preferential queuing on intermediate devices. Understanding the chain of marking, trust, and packet handling is vital for Cisco 350-801.
Option B is the correct choice because the access switch must trust the IP Phone as the QoS boundary. Cisco IP Phones typically mark voice packets directly with DSCP EF and signaling packets with CS3 or AF31. However, if the switchport is not configured to trust the IP Phone or is misconfigured to trust the PC instead, traffic can be overwritten or reset to CS0. When switches rewrite DSCP to CS0, downstream devices—including WAN routers—will apply best-effort forwarding, causing unpredictable voice performance. Ensuring the access switch recognizes the phone as a trusted endpoint allows the network to preserve EF markings end-to-end. This resolves the intermittent remarking problem and stabilizes the RTP traffic flow.
Option A suggests modifying the WAN router QoS policy to trust DSCP from the access layer. However, trusting markings at the WAN edge does not fix the upstream remarking issue. If packets are already incorrectly marked by access switches, the WAN router will only trust and forward the incorrect DSCP values. QoS must be enforced close to the source—the access layer—not at the edge. Cisco design guidelines always place trust boundaries at the point closest to the endpoint with known and reliable marking behavior. Trusting at the WAN is too late.
Option C recommends changing WAN bandwidth or prioritizing video over voice. This contradicts best practices. Voice always has the highest QoS precedence. Altering bandwidth or priority does nothing to fix incorrect DSCP marking. Furthermore, the issue is not insufficient bandwidth but misclassification of packets. Increasing video priority could degrade voice performance further.
Option D suggests disabling LLDP-MED. LLDP-MED is used by IP phones to communicate QoS settings, VLAN assignments, and device capabilities. Disabling it removes helpful automation and does not fix DSCP integrity. LLDP-MED is not responsible for the mismatch in markings; switch trust boundaries and QoS policies are.
Therefore, Option B is the only choice that aligns with Cisco collaboration QoS principles: establishing the correct trust boundary at the access switch and ensuring that the IP Phone is recognized as a trusted device. By configuring trust appropriately and enabling DSCP preservation, the organization ensures consistent EF marking and prevents best-effort remarking of RTP, eliminating audio symptoms and ensuring end-to-end voice quality.
Question12
A company deploys Cisco Unity Connection integrated with CUCM using SIP. Users report that voicemail playback on their IP Phones begins with several seconds of silence before the recorded message starts. Network analysis shows no packet loss or jitter. What is the most likely cause?
A) The voicemail ports are configured with incorrect MWI extensions
B) VAD is enabled on the SIP trunk between CUCM and Unity Connection
C) The Unity Connection server is using G.722 while phones use G.711
D) The voicemail pilot is configured in the wrong partition
Answer: B
Explanation:
This scenario centers on audio treatment and media behavior between CUCM and Unity Connection over SIP. When users experience silence at the beginning of voicemail playback, it suggests that either the media stream is suppressed initially, or signaling/codec negotiation is causing delays before RTP flows correctly. Since there is no packet loss or jitter, the network transport layer does not appear to be the issue. Instead, behavior at the media processing layer must be considered.
Option B is correct because Voice Activity Detection (VAD) suppresses RTP transmission during silence. In voicemail playback scenarios, the first portion of many messages may contain background silence before the speaker begins speaking. When VAD is enabled on SIP trunks, it can delay the transmission of RTP packets until actual voice energy is detected. On Unity Connection messages, the recording may begin with low-energy audio, and VAD may interpret this as silence. Therefore, the IP Phone receives no RTP initially, creating the perception of delay before the message begins.
Cisco strongly recommends disabling VAD on SIP trunks between CUCM and Unity Connection to maintain consistency in media transmission and avoid silent gaps. Voicemail systems expect continuous RTP and are sensitive to suppression. Toggling VAD off ensures that the audio stream—including silence—is delivered in real time without interruption.
Option A, referencing incorrect MWI (Message Waiting Indicator) extensions, is unrelated. MWI controls the lamp on a phone indicating unread voicemail. Incorrect MWI settings affect lamp behavior, not the media flow or playback of messages.
Option C suggests a codec mismatch between Unity Connection and IP Phones. While codec mismatches can cause media issues, Unity Connection supports G.711 as its primary codec. Even if Unity Connection tries to use G.722, CUCM performs transcoding automatically when necessary, provided sufficient DSP resources exist. Codec mismatches generally lead to call failures or transcoding resource errors, not several seconds of silence at the start of playback.
Option D indicates the voicemail pilot is in the wrong partition, but this would cause call routing failures or inability to reach voicemail, not silent audio during playback. Partition issues affect call routing, not media delivery.
Thus, the silence results from VAD removing initial RTP packets when early voicemail audio contains silence or low-energy speech. Disabling VAD corrects RTP continuity and ensures that voicemail playback begins smoothly from the start of the message.
Question13
A collaboration administrator discovers that mobile users using Cisco Jabber with Mobile and Remote Access (MRA) cannot escalate active voice calls to video. The calls work internally, and video works internally, but escalation fails when users are remote. What is the most likely cause?
A) Expressway-C lacks TURN services
B) SIP Profile assigned to endpoints does not enable Early Offer
C) Expressway-E is missing the traversal zone certificate chain
D) The MRA deployment does not allow ICE candidate exchange required for video
Answer: D
Explanation:
This scenario focuses on Cisco Expressway MRA, ICE candidate exchange, call escalation, and media path optimization. Call escalation from audio to video depends heavily on the ability of endpoints to negotiate new media streams through firewall-permitted paths. Internal users experience no issue because internal media flows do not require traversal of firewalls or NAT. External users relying on MRA need ICE (Interactive Connectivity Establishment) to negotiate connectivity for additional media streams such as video.
Option D is correct because MRA requires full ICE candidate exchange to establish secure pathways for new media types. During an audio-only call, a single media path is established. When escalating to video, new media ports must be negotiated. If ICE is not functioning or disabled, Jabber cannot gather or exchange candidates through Expressway for the video stream. As a result, escalation fails only externally, while internal users succeed.
Option A claims TURN services are missing on Expressway-C. While TURN supports media relay in certain scenarios, Expressway MRA deployments do not rely on external TURN servers for standard call flows. Expressway-E and C already function as the traversal mechanism. TURN absence would not selectively affect escalation while allowing basic calls to work.
Option B involves Early Offer settings. While Early Offer influences call setup by sending SDP in the initial SIP INVITE, it does not govern mid-call renegotiation of media streams. Call escalation uses re-INVITE or UPDATE messages with new SDP. Early Offer absence would cause call setup delays or SIP issues, not specifically prevent escalation.
Option C points to a certificate chain issue on the traversal zone. Certificate problems prevent MRA registration, signaling traversal, or complete call setup. If certificates were incorrect, users would not be able to register remotely at all, or calls would fail entirely, not specifically escalation.
ICE must be enabled and functioning end-to-end for video escalation in MRA scenarios. When ICE is nonfunctional, the additional media path cannot be negotiated through NAT and firewall restrictions. This is the only explanation consistent with the symptoms.
Question14
A CUCM cluster experiences intermittent conference failures when users attempt to add a third participant to an active call. The administrator discovers that Media Termination Points (MTPs) are in use and that conference attempts fail only when calls originate from SIP endpoints. What is the cause?
A) SIP endpoints require hardware MTPs to negotiate G.729 correctly
B) The SIP trunk is configured for Delayed Offer, preventing proper conferencing
C) The MTP resources do not support multiparticipant media renegotiation
D) The conference bridge is configured for G.722-only operation
Answer: B
Explanation:
Cisco Unified Communications Manager handles call conferencing through re-INVITE signaling and media renegotiation. When SIP endpoints invoke conferencing, they depend on CUCM to reestablish signaling paths among all participants, often requiring MTP insertion if media capabilities differ. The key detail here is that failures occur only for SIP endpoints and only when adding a third participant, pointing to a mid-call renegotiation issue within SIP communication.
Option B is correct because Delayed Offer SIP trunks complicate mid-call renegotiation required for conferencing. With Delayed Offer, SDP is not sent in the initial INVITE; instead, it is negotiated later. When a conference is attempted, CUCM must perform new SDP negotiations among all endpoints. Delayed Offer causes ambiguity or failure during this process because CUCM expects consistent SDP behavior to orchestrate media streams through MTPs and conference bridges. SIP endpoints are more sensitive to this than SCCP phones, hence why only SIP devices experience failures.
Option A claims SIP endpoints require hardware MTPs for G.729 negotiation. While hardware MTPs support G.729, the scenario does not mention codec mismatches or insufficient DSP resources. Also, failures happen intermittently and only during conferencing, not initial calls. If G.729 support were the issue, calls themselves would fail.
Option C suggests the MTP cannot handle multiparticipant media renegotiation. MTPs are not designed for conferencing; they serve as signaling mediators for DTMF, codec, and packetization mismatches. However, MTPs do not limit conferencing capabilities as long as conference bridges are available. The problem described points to SIP signaling, not media capacity.
Option D claims the conference bridge supports only G.722. Codec mismatch would cause consistent failures, not intermittent ones. Additionally, CUCM automatically inserts transcoders if needed. This would not selectively affect SIP endpoints.
Thus, the SIP trunk configured for Delayed Offer disrupts multi-party negotiations required for conferencing. Changing to Early Offer or addressing SIP profile settings resolves the issue.
Question15
A network team migrates from an older PBX to a full Cisco CUCM solution. After deployment, users report that calls to an external PSTN destination occasionally fail with fast busy. Logs show that CUCM attempts multiple route groups before finding an available gateway, causing call setup delays. What should the administrator modify to optimize outbound call routing?
A) Replace route groups with multiple route lists
B) Enable Local Route Group to simplify gateway selection
C) Remove all but one gateway to avoid confusion
D) Use time-of-day routing to direct calls to specific trunks
Answer: B
Explanation:
Outbound PSTN routing in CUCM depends on route patterns, route lists, route groups, and dial plan logic. The issue described involves CUCM attempting multiple route groups sequentially, leading to delay and intermittent failure. This suggests that CUCM must traverse multiple configurations unnecessarily, or gateways are not being selected efficiently.
Option B is correct because Local Route Group (LRG) allows CUCM to dynamically use the appropriate local gateway without relying on multiple route groups that require sequential failover. LRG simplifies dial plan architecture by referencing a local gateway based on the device’s calling location or device pool. Instead of manually ordering gateways in route groups, CUCM applies the correct gateway automatically based on the caller’s region. This eliminates excessive sequential searching and reduces call setup time.
Option A proposes replacing route groups with route lists. However, route lists simply organize route groups; they do not resolve the issue of excessive failover. The problem lies in the structure of how the gateway is chosen, not the number of lists.
Option C suggests removing all but one gateway. This eliminates redundancy and is contrary to high-availability best practices. Multiple gateways are essential; the problem is configuration strategy, not too many gateways.
Option D recommends time-of-day routing. While useful for controlling trunk usage by time, it does not optimize call routing logic or address sequential failover delays.
Local Route Group is the modern Cisco best-practice approach to PSTN routing. It cleans up dial plan complexity, reduces unnecessary route group processing, and ensures efficient routing without delays or intermittent fast busy signals.