Exam 300-820 topic 1 question 15 discussion

Actual exam question from Cisco's 300-820
Question #: 15
Topic #: 1

What happens to the encrypted signaling traffic of a collaboration device if you place it inside a firewall with private IP addresses and try to make a call over IP without any collaboration infrastructure?

  • A. The signaling makes it back to the endpoint because the firewall is an application layer gateway and provides address translation.
  • B. Encrypted IP traffic for collaboration devices always is trusted by the firewall.
  • C. The signaling does not make it back to the endpoint because the firewall cannot inspect encrypted traffic.
  • D. The signaling makes it back to the endpoint because the endpoint sent the private address to the external endpoint.
Suggested Answer: A

Comments

khader09
Highly Voted 3 years ago
The signaling does not make it back to the endpoint because the firewall cannot inspect encrypted traffic.
upvoted 8 times
TestingAAgain
Highly Voted 1 year, 4 months ago
Selected Answer: A
Don't like this question. However, the key to the question is that we're talking about signaling that is encrypted. That means TLS over TCP/IP. Since the station is initiating the connection to the outside via TCP/IP (with TLS on top), the signaling traffic will go through, and return traffic comes back via the dynamic NAT from the firewall. Has nothing to do with the traffic being "always trusted" though. The media is a different story. Media exchange would fail as the device would not be reachable from the outside without additional collaboration infrastructure unless you are using some form of static NAT. So, the best answer here is A.
upvoted 5 times
iulianm
1 year, 3 months ago
A NAT ALG is similar to a firewall ALG, but a NAT ALG actually changes (maps) the addresses and ports in the signaling messages. The NAT ALG cannot inspect the contents of encrypted signaling messages. Answer C
upvoted 1 times
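Added example (not part of any comment in this thread, and not Cisco code): a minimal model of the SIP-aware NAT ALG behavior discussed above, rewriting private addresses in cleartext signaling and passing TLS-protected signaling through untouched because no SIP or SDP is visible. The addresses, names and TLS record bytes are constructed, and 203.0.113.10 is an assumed public NAT address.

```python
import re

# RFC 1918 private IPv4 ranges as they would appear in SIP headers and SDP.
PRIVATE = re.compile(
    rb"\b(?:10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+"
    rb"|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+)\b")

def is_tls_record(payload):
    """TLS record header: content type 20-23 followed by major version 0x03."""
    return len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 0x03

def alg_rewrite(payload, public_ip):
    """Model of a SIP-aware NAT ALG. Returns (payload_out, rewritten)."""
    if is_tls_record(payload):
        # Ciphertext only: the ALG sees no Via/Contact/SDP to map, so the
        # embedded private address (if any) reaches the far end unchanged.
        return payload, False
    head, sep, body = payload.partition(b"\r\n\r\n")
    body, n_body = PRIVATE.subn(public_ip, body)
    head, n_head = PRIVATE.subn(public_ip, head)
    # The body length changed, so Content-Length must be fixed up as well.
    head = re.sub(rb"(?im)^Content-Length:\s*\d+",
                  b"Content-Length: %d" % len(body), head)
    return head + sep + body, (n_head + n_body) > 0

# Constructed sample: a cleartext INVITE from an endpoint at 10.1.1.20.
SDP = (b"v=0\r\no=alice 1 1 IN IP4 10.1.1.20\r\ns=-\r\n"
       b"c=IN IP4 10.1.1.20\r\nt=0 0\r\nm=audio 20000 RTP/AVP 0\r\n")
INVITE = (b"INVITE sip:bob@example.net SIP/2.0\r\n"
          b"Via: SIP/2.0/TCP 10.1.1.20:5060;branch=z9hG4bKconstructed\r\n"
          b"Contact: <sip:alice@10.1.1.20:5060>\r\n"
          b"Content-Type: application/sdp\r\n"
          b"Content-Length: %d\r\n\r\n" % len(SDP)) + SDP

# Constructed stand-in for the same INVITE sent over TLS: an application-data
# record header (0x17, TLS 1.2) followed by opaque bytes, not real ciphertext.
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(32))

if __name__ == "__main__":
    for name, pkt in (("cleartext SIP", INVITE), ("SIP over TLS", TLS_RECORD)):
        out, changed = alg_rewrite(pkt, b"203.0.113.10")
        print(name, "-> rewritten" if changed else "-> passed through unchanged")
```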
Collabinski
Most Recent 9 months, 1 week ago
Selected Answer: C
If the signaling flows do not go through the firewall so that the firewall can inspect the signaling traffic, the RTP streams could be blocked because the firewall will not know which ports need to be opened to allow the RTP streams for a conversation. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab12/collab12/security.html
upvoted 2 times
cyberknock
10 months ago
Selected Answer: C
Answer C, because the firewall cannot inspect the encrypted traffic and is not able to rewrite IP addresses.
upvoted 2 times
BangBang86
3 years, 2 months ago
The signaling does not make it back.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other