Upload
vuongthien
View
273
Download
6
Embed Size (px)
Citation preview
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Exam Study Guide
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 2 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Getting Started
The Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Exam Study
Guide is designed to help you prepare for the Oracle Communications Session Border Controller 7 Advanced
Implementation Essentials exam
Earning this certification helps OPN members differentiate in the marketplace through proven in-depth expertise, and
helps their partner company qualify for the Enterprise Communications Specialization and Network Session Delivery
and Control Infrastructure Specialization.
Target Audience
The Oracle Communications Session Border Controller 7 Advanced Implementation Essentials exam audience defines
the type of participants who are likely to pass the exam and targets individuals with a specific level of education and
expertise:
Job Role:
Architect
Configuration Consultant
Configuration Implementer
Network Administrator
Project Manager
Support Engineer
System Integrator
Level of Competency:
Candidates should be able to perform routine operations (system access, configuration, backup/restore)
Knowledge of TCP/IP Networking and VoIP Telephony is highly recommended.
Holding the certification for the Oracle Communications Session Border Controller Implementation Essentials.
Exam Topics
The Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist exam covers
eleven topics:
Advanced Routing
Advanced Dynamic Routing
Advanced Session Router
Advanced Business Trunking
Advanced Header Manipulation Rules (HMR)
Advanced Media Handling
Denial of Service (Dos) Protection
Telecommunications and Cryptography
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 3 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Introduction to IP Security (IPSec)
Transport Layer Security (TLS)
Secure Real Time Protocol (SRTP)
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 4 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Levels of Knowledge
Each exam topic contains objectives and each objective is categorized by learner or practitioner level of knowledge.
Learner items test foundational grasp and
require product comprehension (not
recognition or memorization).
Example:
“When configuring a sip-interface element under the session-
router configuration branch, which are the three configuration
parameters that identify uniquely a sip-port in the SBC
configuration?”
Practitioner items present on-the-job
scenarios and require the ability to: integrate
and apply knowledge in new contexts, analyze
and troubleshoot complex issues, and solve
problems.
Example:
1) “You are configuring the SBC for an access-backbone scenario.
Your customer has three requirements: load balancing, high
availability, CDR generation. Identify the steps that must be
completed in order to meet those requirements.
2) “You are running a soft switch in the backbone network for
balancing the signaling load egressing the SBC. You decide to
add a second soft switch in your backbone network.
Using command line administration, which two configuration
elements will you configure to achieve this?
Training Options
Throughout the study guide each exam topic recommends one or several training formats:
OPN Boot Camps
Online Training
Oracle University Training
While the Oracle Partner Network facilitates free access to online training, in class trainings often require a fee.
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 5 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Exam Details per Topic
This section covers details associated to all exam topics such as: exam topics overview, objectives, levels of knowledge,
recommended trainings and sample questions. Specialization exams include all application functionalities not only the
most frequently used ones.
Topic 1: Advanced Routing
Objective Level
Describe Session Border Controller (SBC) routing options and their uses Learner
Configure management routing options to modify default behavior and
Application Layer Gateway (ALG) by static-flows
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Sample Questions
How can you change the default gateway for traffic meant to network 192.168.1.0/24?
(choose one)
A. You should configure a local policy that has next hop set to 192.168.1.0/24 and
the new gateway.
B. You should configure a host-route with destination address 192.168.1.0/24
and the new gateway
C. You should configure a host-route with default gateway set to 192.168.1.0.
D. Nothing: the default gateway cannot be changed.
In which two ways can you strip a route header from a sip message? (choose two)
A. by writing a sip manipulation
B. by writing a local policy
C. by adding the option strip-route-headers in the sip interface
D. by writing a route policy
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 6 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 2: Advanced Dynamic Routing
Objective Level
Explain Domain Name Server (DNS) operation and query types and explain what
is the purpose for using Electronic Numbering (ENUM)
Learner
Configure DNS, ENUM, local routing tables (LRT) and other elements for
smarter, more efficient and advanced routing
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Sample Questions
You need to configure one target realm that contains a list of DNS servers and make
sure that all remaining realms will use those servers.
What should you configure in the SBC to accomplish such a task? (choose one)
A. You should reference the target realm in the network interface object under the
dns-realm parameter.
B. You should reference the target realm in all the remaining realm objects
under the dns-realm parameter.
C. You should reference the target realm in the system-config object under the
global-dns parameter.
D. Nothing. There is no way to accomplish such a task in the SBC.
What should you configure in order to have the SBC to act as an ENUM server in its
own right? (choose one)
A. You should configure an internal DNS server on an SBC that runs a Linux
kernel.
B. You should configure a local-routing-config object that points to an
internal XML file.
C. You should configure an internal ENUM server on an SBC that runs
VXWORKS.
D. Nothing. The SBC cannot act as an ENUM server in its own right.
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 7 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 3: Advanced Session Router
Objective Level
Explain traditional Class 4 networks
Explain an Open Session Routing (OSR)
Configure a Session Router (SR) as session-stateful, transaction-stateful, or
transaction-stateless
Analyze traces for different SR modes noting the difference from the SBC
Learner
Learner
Practitioner
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Sample Questions
Which of the following is a possible value for the operation-mode parameter that
enables the Session Router (SR) functionality? (choose one)
A. Session-stateful
B. Transaction-stateful
C. Transaction-stateless
D. All of the above
Which of the following SIP headers will be added in the SIP signaling message by a
Session Router (SR)? (choose one)
A. Record-Route
B. From
C. To
D. None of the above
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 8 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 4: Advanced Business Trunking
Objective Level
Explain the business trunking principles and options
Configure Session Initiation Protocol (SIP) connect, trunk group URIs, and
surrogate registrations on the SBC
Learner
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Sample Questions
Which object should you use in the SBC if it had a core that required registrations from
all entities and an IP-PBX that had no registration capability? (choose one)
E. trunk group routing
F. sip-nat
G. surrogate-agent
H. straight-through peering
I. registration-caching
How should you add trunk group/trunk context information that an application server in
the core may need for billing purposes? (choose one)
E. with a SIP manipulation that adds trunk group/trunk context information
in the Contact header
F. with a SIP manipualation that adds adds trunk group/trunk context information
in the SDP body
G. by adding the trunk group/trunk context information in the sip-config object
H. by adding the trunk group/trunk context information in the system-config object
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 9 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 5: Advanced Header Manipulation Rules (HMR)
Objective Level
Explain HMR rule set basics and how HMRs are constructed and processed by
the SBC
Configure efficient HMRs using the power of regular expressions (Regex),
conditioning, chaining and more
Learner
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Sample Questions
You are concerned about optimizing your HMRs in order to reduce CPU cycles caused
by regular expression lookups.
How should you structure those HMRs that are used to perform regex lookup actions on
sub-parts of sip headers? (choose one)
A. You should always resort to using element-rule objects whenever is possible.
B. The User may modify the configuration but neither save nor activate it.
C. The User may modify the configuration and save it, but not activate it.
D. The User may not view the configuration.
E. The User may delete the configuration.
You need to match all numbers that start with +1202 and that also are at the beginning of
a line in the From header.
Which expression is accomplishing this task? (choose one)
A. ^+1202
B. $\+1202
C. ^\+1202
D. \b\+1202
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 10 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 6: Advanced Media Handling
Objective Level
Describe access control options for media
Configure latching, symmetric-latching and restricted-latching
Configure Bandwidth Call Admission Control (CAC) and media traffic shaping
Set up Quality of Service (QoS) management and codec policing
Learner
Practitioner
Practitioner
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Sample Questions
You need to accept RTP (Real Time Protocol) from a specific subnet only. What object
should you configure? (choose one)
A. Realm-config with address-prefix set to the specific subnet you want to allow
traffic from
B. Realm-config with symmetric latching enabled
C. Realm-config with restricted latching enabled and set to the subnet you want
to allow traffic from
D. Media-manager with restricted latching enabled and set to the subnet you want to
allow traffic from
How should you configure a codec policy if you wanted to allow GSM, PCMU, and
PCMA but disallow GSM and PCMU in case they are offered along with
PCMA? (choose one)
A. allow-codecs set to GSM PCMU PCMA
B. order-codecs set to GSM PCMU PCMA:force
C. allow-codecs set to GSM PCMU PCMA:force
D. add-codecs-on-egress set to GSM PCMU PCMA:force
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 11 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 7: Denial of Service (DoS) Protection
Objective Level
Set up protection levels on the SBC (service, core infrastructure, the SBC)
Apply Constraints to messages to protect the core
Configure DoS protection mechanism within the SBC
Calculate parameter values for configuring DoS protection in the SBC
Configure dynamic and static access control
Test the behavior of DoS protection against various trust levels
Learner
Learner
Practitioner
Practitioner
Practitioner
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Oracle SBC Security Configuration
Sample Questions
Which set of elements is involved in the DoS protection of the SBC? (choose one)
A. sip-config, media-manager and session-agent
B. system-config, realm-config and access-control
C. realm-config, sip-interface with sip-port and steering-pool
D. media-manager, realm-config and access-control
E. session-router, local-policy and session-constraints
If an Endpoint is demoted to denied, for how long will its traffic be blocked? (choose
one)
A. for the value in seconds entered in the deny-period parameter in realm-config
B. for 2 times the value in seconds entered in the deny-period parameter in realm-
config
C. for the value in seconds entered in the tolerance-window in media-manager
D. for 2 times the value in seconds entered in the tolerance-window in media-
manager plus the value in seconds in the deny-period parameter in realm-
config
E. for 2 times the value in seconds entered in the tolerance-window in media-
manager
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 12 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 8: Telecommunications and Cryptography
Objective Level
Describe VoIP vulnerabilities, including SIP call interception
Explain symmetric and asymmetric key cryptosystems
Describe authentication concepts: hash, digital signature
Manually calculate the Diffie-Hellman Key Exchange algorithm
Describe the need for Certification Authorities (CA) and digital certificates
Learner
Learner
Learner
Practitioner
Learner
Recommended Training
Oracle SBC Advanced Configuration
Oracle SBC Security Configuration
Sample Questions
Which two are purposes of the asymmetric key cryptography? (choose two)
A. using the public key for encrypting and decrypting the messages
B. using the private key for encrypting and decrypting the messages
C. using the public key for encrypting and the private key for decrypting the
messages
D. using the same pre shared key for encrypting and decrypting the messages
E. using the private key for encrypting and the public key for decrypting the
messages
What two options may be used in digital signatures? (choose two)
A. Timestamps, to provide transmission protection
B. Encapsulation to provide privacy
C. Nonce, a number used only once to provide protection against replay
attacks
D. Message numbering to provide confidentiality of the owner
E. Segmentation to provide protection against eavesdropping
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 13 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 9: Introduction to IP Security (IPSec)
Objective Level
Explain the IPSec protocol suite; protocols and components
Test the IPsec modes of operations
Configure IPsec on the SBC
Explain the principles of Internet Key Exchange (IKE)
Analyze the IKE negotiation processes
Configure IKE and verify the process on the SBC
Learner
Practitioner
Practitioner
Learner
Learner
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Oracle SBC Security Configuration
Sample Questions
A customer has an IP trunk between two standalone SBCs. The customer requests to
protect the VoIP traffic with an IPSec tunnel using manual keys. What objects do you
need to add into the existing configuration? (choose one)
A. a security-policy and a security-association
B. a security-policy and ipsec-global-config
C. a security-association and ipsec-global-config
D. a security-policy, a securrity-association and ipsec-global-config
Identify two SBCs models supporting IPSec with IKE. (choose two)
A. SBC 4500 with Secure Services Module (SSM) card
B. SBC 4500 with Base NIU and Enhanced Traffic Control NIU
C. SBC 3800 with Base NIU with inline IPsec/SRTP encryption processors
D. SBC 3800 with Base NIU with inline IPsec/SRTP encryption processors
and Secure Services Module (SSM) card
E. SBC 4500 with Enhanced Traffic Control NIU and Secure Services Module
(SSM) card
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 14 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 10: Transport Layer Security (TLS)
Objective Level
Explain TLS protocol and the applications of TLS
Describe TLS sub-layers, TLS sessions, and TLS key exchanges
Set up the SBC to process TLS
Configure the TLS features on the SBC
Learner
Learner
Practitioner
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Oracle SBC Security Configuration
Sample Questions
Identify three TLS messages that are used for TLS session establishment with mutual
authentication. (choose three)
A. The Client sends "Certificate Request" to the Server.
B. The Server sends "Certificate Request" to the Client.
C. The Server sends "Certificate" to the Client.
D. The Client sends "Certificate" to the Server.
E. The Client sends "Client Key Exchange" to the Server.
A customer using TLS requests to do a hardware upgrade from a SBC 3800 to a SBC
4500. How can you load the certificates from the old SBC into the new one? (choose
one)
A. Export the SBC's certificates and private keys, and then import into the new
SBC
B. It is not possible to reuse the existing certificates. You need to generate new
ones.
C. Load a backup of the configuration into the new SBC.
D. Export the SBC's certificates and then import into the new SBC.
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 15 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Topic 11: Secure Real Time Protocol (SRTP)
Objective Level
Explain Real Time Protocol (RTP) and Real Time Control Protocol (RTCP)
Analyze RTP and RTCP packet structures
Explain SRTP basics including key exchange, and Cryptographic Context
Set up SRTP operations on the SBC
Set up different SRTP topologies: including three types of SRTP terminations
Learner
Learner
Learner
Practitioner
Practitioner
Recommended Training
Oracle SBC Advanced Configuration
Oracle SBC Security Configuration
Sample Questions
Which are the two correct statements when negotiating the cryptographic context for
SRTP/SRTCP? (choose two)
A. When using SDES, the key materials are sent unencrypted.
B. When using MIKEY, the key materials are sent encrypted.
C. The SDP offer can provide a list of crypto offers.
D. The SDP offer can provide only one crypto offer.
A customer requests you to configure the SBC to support RTP and SRTP in the same
access realm. Which two statements are true? (choose two)
A. You must configure it in three different elements: media-sec-policy, sdes-
profile/mikey-profile, and security-policy.
B. It is not supported. You need to define two realms.
C. It is only supported in the Single-ended SRTP Termination topology.
D. It is supported in all the topologies.
Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 16 of 16
Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources
Exam Registration Details
Full exam preparation details are available on the exam page Oracle Communications Session Border Controller 7
Advanced Implementation Essentials, including learning objectives, number of questions, time allowance, pricing and
languages available.
The OPN Certified Specialist Exams appointments are available worldwide at Pearson VUE Testing Centers.
Reservations can be made via phone or online.
Candidates must have an Oracle Web Account to access CertView and check their exam results. In order to have their
certifications reflected on OPN Competency Center, both CertView and Pearson Vue accounts must be updated with the
current OPN Company ID. Your Company ID can be obtained by contacting your local Oracle Partner Business Center
or by signing in to your OPN account.
Additional Resources
Oracle Session Border Controller Partners Information
Oracle Communications Session Border Controller Essentials Exam (1Z0-400)
Enterprise Communications Knowledge Zone
Network Session Delivery and Control Infrastructure Knowledge Zone
Enterprise Communications Implementation Specialist Guided Learning Path
Network Session Delivery and Control Infrastructure Implementation Specialist Guided Learning Path
Network Session Delivery and Control Infrastructure (Acme Packet) Education