Refer to the exhibit. An engineer must implement toll fraud prevention on a Cisco UCM cluster by allowing only the indicated IP address and protocols through Cisco Unified Border Element. What must be configured?
This question is very tricky.
There is an interesting thing. If we look at both dial peers, one is targeting the CUCM and the other one is targeting the ISP, but even more important, both dial peers are using session protocol sipv2. So in order to allow this communication, keeping those dial peers in mind, you only need to configure allow-connections sip to sip.
Another interesting thing is that it is not necessary to configure anything in the IP address trusted list, because both IPs (ISP and CUCM) need to be trusted, and they are already trusted since they are specified in the dial peers.
So I think that the closest answer is B. You do not need anything else for that configuration to work fine in compliance with the toll fraud prevention requirements.
Note: I do not understand the reason for the "H323" text in the drawing (between the CUCM and CUBE icons). Either the drawing is wrong, or the dial peers are wrong. Watch out and take care when reading this question in the exam.
My conclusion:
If the CLI config is wrong, then correct answer is D.
If the drawing is wrong (because of that text "H323" between the CUCM and CUBE icons), then the correct answer is B.
I'm thinking if you configure a trusted list of IPs you would have to add your ITSP IP as well as your CUCM IP. Otherwise, it would block the ITSP connection. Hence, why I would go with A.
I think it should be A, based on the following excerpt from a Community post and other documents:
"Any address in the session target will be automatically added, hence you don't need to add them. This will include the IP addresses of your CUCM servers as well as the IP address of your ITSP that is configured as a session target.
NB: You may need to add other IPs from your ITSP as they usually send requests from multiple IP addresses. You should just ask them for the subnet of their Signalling IPs and add the whole subnet to be safe."
However, I'm assuming there's a typo in the config for Dial Peer 2, since a call to the ISP should be pointing to 192.168.10.11 and not to 192.168.10.10.
This configuration matches the IP address 192.168.11.11, which aligns with the internal network shown in your diagram (CUCM side). It also permits only SIP and H.323 connections, which is crucial for protecting against toll fraud.
voice service voip
 allow-connections h323 to sip
 allow-connections sip to h323
 ip address trusted list
  ipv4 192.168.11.11
upvoted 1 times
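The trust rule quoted in the Community excerpt above (session targets are trusted implicitly, extra ITSP signalling subnets go in the trusted list) can be checked against a CUBE config with a short audit script. This is an added example, not part of any comment in the thread; the sample config, its addresses and the function names are constructed for illustration and are not the exam exhibit.

```python
import ipaddress
import re

# Constructed sample config (NOT the exam exhibit); documentation address ranges.
SAMPLE_CONFIG = """\
voice service voip
 ip address trusted list
  ipv4 198.51.100.0 255.255.255.0
 allow-connections sip to sip
dial-peer voice 1 voip
 session protocol sipv2
 session target ipv4:192.0.2.11
dial-peer voice 2 voip
 session protocol sipv2
 session target ipv4:203.0.113.10:5060
"""

def trusted_networks(config):
    """Map each trusted network to the config element that makes it trusted.
    Assumption (from the excerpt quoted in the thread): dial-peer session
    targets are trusted implicitly, in addition to explicit list entries."""
    nets, in_list, peer = {}, False, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"dial-peer voice (\d+) voip", line)
        if m:
            peer, in_list = m.group(1), False
            continue
        if line == "ip address trusted list":
            in_list = True
            continue
        m = re.match(r"ipv4 (\S+)(?: (\S+))?$", line)
        if in_list and m:  # explicit entry: host, or network plus mask
            mask = m.group(2) or "255.255.255.255"
            nets[ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False)] = "trusted list"
            continue
        in_list = False  # any other command ends the trusted-list submode
        m = re.match(r"session target ipv4:([\d.]+)", line)
        if m and peer:
            nets[ipaddress.ip_network(m.group(1))] = f"dial-peer {peer} session target"
    return nets

def allowed_flows(config):
    return set(re.findall(r"allow-connections (\w+) to (\w+)", config))

def check_source(config, ip):
    """Return why `ip` is a trusted call source, or None if it would be rejected."""
    addr = ipaddress.ip_address(ip)
    hits = [why for net, why in trusted_networks(config).items() if addr in net]
    return hits[0] if hits else None
```

On a live router, `show ip address trusted list` displays the effective list for comparison.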
350-801 Exam Questions
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
G0y0, 2 months, 3 weeks ago
G0y0, 2 months, 3 weeks ago
Gary1968, 3 months ago
61d0d9d, 3 months, 3 weeks ago
OSJAY, 5 months, 4 weeks ago
b3532e4, 7 months, 4 weeks ago