350-801 Question #471: Real Exam Question with Answer & Explanation

Question

An engineer is setting up a new voicemail server, and the requirements state that the integration for call control must be secure. During the configuration the engineer wants to select 揘ext Generation Encryption? What is the prerequisite for using this option to ensure an encrypted SIP integration?

Options

• ATCP connection using port 5061 with explicit TLS1.2 and ACME-signed SIP certificates
• Bsecure TLS connection and Tomcat certificates
• Csecure TLS connection and SIP certificates
• DTCP connection using port 5061 with explicit TLS1.2 and signed SIP certificates

Explanation

To enable "Next Generation Encryption" for a secure SIP integration with a voicemail server, a secure TLS connection must be established using valid SIP certificates. These certificates authenticate the communication endpoints and encrypt the SIP signaling.

Common mistakes.

• A. While TCP port 5061 and TLS 1.2 are common for secure SIP, the specific mention of ACME-signed certificates is not a universal prerequisite; general signed SIP certificates are required.
• B. Tomcat certificates are used for securing the web interface of Cisco Unified Communications applications, not directly for securing the SIP integration between CUCM and a voicemail server.
• D. While TCP port 5061 and TLS 1.2 are relevant, the term "signed SIP certificates" is too generic compared to option C, and the secure TLS connection itself is paramount for encryption.

Concept tested. Secure SIP integration prerequisites (Unity Connection)

Reference. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/unityscx/security/12_5_1/secx/ucsec.html

No community discussion yet for this question.