Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Exam Study Guide

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 2 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Getting Started

The Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Exam Study

Guide is designed to help you prepare for the Oracle Communications Session Border Controller 7 Advanced

Implementation Essentials exam

Earning this certification helps OPN members differentiate in the marketplace through proven in-depth expertise, and

helps their partner company qualify for the Enterprise Communications Specialization and Network Session Delivery

and Control Infrastructure Specialization.

Target Audience

The Oracle Communications Session Border Controller 7 Advanced Implementation Essentials exam audience defines

the type of participants who are likely to pass the exam and targets individuals with a specific level of education and

expertise:

Job Role:

Architect

Configuration Consultant

Configuration Implementer

Network Administrator

Project Manager

Support Engineer

System Integrator

Level of Competency:

Candidates should be able to perform routine operations (system access, configuration, backup/restore)

Knowledge of TCP/IP Networking and VoIP Telephony is highly recommended.

Holding the certification for the Oracle Communications Session Border Controller Implementation Essentials.

Exam Topics

The Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist exam covers

eleven topics:

Advanced Routing

Advanced Dynamic Routing

Advanced Session Router

Advanced Business Trunking

Advanced Header Manipulation Rules (HMR)

Advanced Media Handling

Denial of Service (Dos) Protection

Telecommunications and Cryptography

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 3 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Introduction to IP Security (IPSec)

Transport Layer Security (TLS)

Secure Real Time Protocol (SRTP)

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 4 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Levels of Knowledge

Each exam topic contains objectives and each objective is categorized by learner or practitioner level of knowledge.

Learner items test foundational grasp and

require product comprehension (not

recognition or memorization).

Example:

“When configuring a sip-interface element under the session-

router configuration branch, which are the three configuration

parameters that identify uniquely a sip-port in the SBC

configuration?”

Practitioner items present on-the-job

scenarios and require the ability to: integrate

and apply knowledge in new contexts, analyze

and troubleshoot complex issues, and solve

problems.

Example:

1) “You are configuring the SBC for an access-backbone scenario.

Your customer has three requirements: load balancing, high

availability, CDR generation. Identify the steps that must be

completed in order to meet those requirements.

2) “You are running a soft switch in the backbone network for

balancing the signaling load egressing the SBC. You decide to

add a second soft switch in your backbone network.

Using command line administration, which two configuration

elements will you configure to achieve this?

Training Options

Throughout the study guide each exam topic recommends one or several training formats:

OPN Boot Camps

Online Training

Oracle University Training

While the Oracle Partner Network facilitates free access to online training, in class trainings often require a fee.

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 5 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Exam Details per Topic

This section covers details associated to all exam topics such as: exam topics overview, objectives, levels of knowledge,

recommended trainings and sample questions. Specialization exams include all application functionalities not only the

most frequently used ones.

Topic 1: Advanced Routing

Objective Level

Describe Session Border Controller (SBC) routing options and their uses Learner

Configure management routing options to modify default behavior and

Application Layer Gateway (ALG) by static-flows

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Sample Questions

How can you change the default gateway for traffic meant to network 192.168.1.0/24?

(choose one)

A. You should configure a local policy that has next hop set to 192.168.1.0/24 and

the new gateway.

B. You should configure a host-route with destination address 192.168.1.0/24

and the new gateway

C. You should configure a host-route with default gateway set to 192.168.1.0.

D. Nothing: the default gateway cannot be changed.

In which two ways can you strip a route header from a sip message? (choose two)

A. by writing a sip manipulation

B. by writing a local policy

C. by adding the option strip-route-headers in the sip interface

D. by writing a route policy

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 6 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 2: Advanced Dynamic Routing

Objective Level

Explain Domain Name Server (DNS) operation and query types and explain what

is the purpose for using Electronic Numbering (ENUM)

Learner

Configure DNS, ENUM, local routing tables (LRT) and other elements for

smarter, more efficient and advanced routing

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Sample Questions

You need to configure one target realm that contains a list of DNS servers and make

sure that all remaining realms will use those servers.

What should you configure in the SBC to accomplish such a task? (choose one)

A. You should reference the target realm in the network interface object under the

dns-realm parameter.

B. You should reference the target realm in all the remaining realm objects

under the dns-realm parameter.

C. You should reference the target realm in the system-config object under the

global-dns parameter.

D. Nothing. There is no way to accomplish such a task in the SBC.

What should you configure in order to have the SBC to act as an ENUM server in its

own right? (choose one)

A. You should configure an internal DNS server on an SBC that runs a Linux

kernel.

B. You should configure a local-routing-config object that points to an

internal XML file.

C. You should configure an internal ENUM server on an SBC that runs

VXWORKS.

D. Nothing. The SBC cannot act as an ENUM server in its own right.

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 7 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 3: Advanced Session Router

Objective Level

Explain traditional Class 4 networks

Explain an Open Session Routing (OSR)

Configure a Session Router (SR) as session-stateful, transaction-stateful, or

transaction-stateless

Analyze traces for different SR modes noting the difference from the SBC

Learner

Learner

Practitioner

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Sample Questions

Which of the following is a possible value for the operation-mode parameter that

enables the Session Router (SR) functionality? (choose one)

A. Session-stateful

B. Transaction-stateful

C. Transaction-stateless

D. All of the above

Which of the following SIP headers will be added in the SIP signaling message by a

Session Router (SR)? (choose one)

A. Record-Route

B. From

C. To

D. None of the above

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 8 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 4: Advanced Business Trunking

Objective Level

Explain the business trunking principles and options

Configure Session Initiation Protocol (SIP) connect, trunk group URIs, and

surrogate registrations on the SBC

Learner

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Sample Questions

Which object should you use in the SBC if it had a core that required registrations from

all entities and an IP-PBX that had no registration capability? (choose one)

E. trunk group routing

F. sip-nat

G. surrogate-agent

H. straight-through peering

I. registration-caching

How should you add trunk group/trunk context information that an application server in

the core may need for billing purposes? (choose one)

E. with a SIP manipulation that adds trunk group/trunk context information

in the Contact header

F. with a SIP manipualation that adds adds trunk group/trunk context information

in the SDP body

G. by adding the trunk group/trunk context information in the sip-config object

H. by adding the trunk group/trunk context information in the system-config object

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 9 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 5: Advanced Header Manipulation Rules (HMR)

Objective Level

Explain HMR rule set basics and how HMRs are constructed and processed by

the SBC

Configure efficient HMRs using the power of regular expressions (Regex),

conditioning, chaining and more

Learner

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Sample Questions

You are concerned about optimizing your HMRs in order to reduce CPU cycles caused

by regular expression lookups.

How should you structure those HMRs that are used to perform regex lookup actions on

sub-parts of sip headers? (choose one)

A. You should always resort to using element-rule objects whenever is possible.

B. The User may modify the configuration but neither save nor activate it.

C. The User may modify the configuration and save it, but not activate it.

D. The User may not view the configuration.

E. The User may delete the configuration.

You need to match all numbers that start with +1202 and that also are at the beginning of

a line in the From header.

Which expression is accomplishing this task? (choose one)

A. ^+1202

B. $\+1202

C. ^\+1202

D. \b\+1202

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 10 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 6: Advanced Media Handling

Objective Level

Describe access control options for media

Configure latching, symmetric-latching and restricted-latching

Configure Bandwidth Call Admission Control (CAC) and media traffic shaping

Set up Quality of Service (QoS) management and codec policing

Learner

Practitioner

Practitioner

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Sample Questions

You need to accept RTP (Real Time Protocol) from a specific subnet only. What object

should you configure? (choose one)

A. Realm-config with address-prefix set to the specific subnet you want to allow

traffic from

B. Realm-config with symmetric latching enabled

C. Realm-config with restricted latching enabled and set to the subnet you want

to allow traffic from

D. Media-manager with restricted latching enabled and set to the subnet you want to

allow traffic from

How should you configure a codec policy if you wanted to allow GSM, PCMU, and

PCMA but disallow GSM and PCMU in case they are offered along with

PCMA? (choose one)

A. allow-codecs set to GSM PCMU PCMA

B. order-codecs set to GSM PCMU PCMA:force

C. allow-codecs set to GSM PCMU PCMA:force

D. add-codecs-on-egress set to GSM PCMU PCMA:force

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 11 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 7: Denial of Service (DoS) Protection

Objective Level

Set up protection levels on the SBC (service, core infrastructure, the SBC)

Apply Constraints to messages to protect the core

Configure DoS protection mechanism within the SBC

Calculate parameter values for configuring DoS protection in the SBC

Configure dynamic and static access control

Test the behavior of DoS protection against various trust levels

Learner

Learner

Practitioner

Practitioner

Practitioner

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Oracle SBC Security Configuration

Sample Questions

Which set of elements is involved in the DoS protection of the SBC? (choose one)

A. sip-config, media-manager and session-agent

B. system-config, realm-config and access-control

C. realm-config, sip-interface with sip-port and steering-pool

D. media-manager, realm-config and access-control

E. session-router, local-policy and session-constraints

If an Endpoint is demoted to denied, for how long will its traffic be blocked? (choose

one)

A. for the value in seconds entered in the deny-period parameter in realm-config

B. for 2 times the value in seconds entered in the deny-period parameter in realm-

config

C. for the value in seconds entered in the tolerance-window in media-manager

D. for 2 times the value in seconds entered in the tolerance-window in media-

manager plus the value in seconds in the deny-period parameter in realm-

config

E. for 2 times the value in seconds entered in the tolerance-window in media-

manager

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 12 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 8: Telecommunications and Cryptography

Objective Level

Describe VoIP vulnerabilities, including SIP call interception

Explain symmetric and asymmetric key cryptosystems

Describe authentication concepts: hash, digital signature

Manually calculate the Diffie-Hellman Key Exchange algorithm

Describe the need for Certification Authorities (CA) and digital certificates

Learner

Learner

Learner

Practitioner

Learner

Recommended Training

Oracle SBC Advanced Configuration

Oracle SBC Security Configuration

Sample Questions

Which two are purposes of the asymmetric key cryptography? (choose two)

A. using the public key for encrypting and decrypting the messages

B. using the private key for encrypting and decrypting the messages

C. using the public key for encrypting and the private key for decrypting the

messages

D. using the same pre shared key for encrypting and decrypting the messages

E. using the private key for encrypting and the public key for decrypting the

messages

What two options may be used in digital signatures? (choose two)

A. Timestamps, to provide transmission protection

B. Encapsulation to provide privacy

C. Nonce, a number used only once to provide protection against replay

attacks

D. Message numbering to provide confidentiality of the owner

E. Segmentation to provide protection against eavesdropping

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 13 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 9: Introduction to IP Security (IPSec)

Objective Level

Explain the IPSec protocol suite; protocols and components

Test the IPsec modes of operations

Configure IPsec on the SBC

Explain the principles of Internet Key Exchange (IKE)

Analyze the IKE negotiation processes

Configure IKE and verify the process on the SBC

Learner

Practitioner

Practitioner

Learner

Learner

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Oracle SBC Security Configuration

Sample Questions

A customer has an IP trunk between two standalone SBCs. The customer requests to

protect the VoIP traffic with an IPSec tunnel using manual keys. What objects do you

need to add into the existing configuration? (choose one)

A. a security-policy and a security-association

B. a security-policy and ipsec-global-config

C. a security-association and ipsec-global-config

D. a security-policy, a securrity-association and ipsec-global-config

Identify two SBCs models supporting IPSec with IKE. (choose two)

A. SBC 4500 with Secure Services Module (SSM) card

B. SBC 4500 with Base NIU and Enhanced Traffic Control NIU

C. SBC 3800 with Base NIU with inline IPsec/SRTP encryption processors

D. SBC 3800 with Base NIU with inline IPsec/SRTP encryption processors

and Secure Services Module (SSM) card

E. SBC 4500 with Enhanced Traffic Control NIU and Secure Services Module

(SSM) card

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 14 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 10: Transport Layer Security (TLS)

Objective Level

Explain TLS protocol and the applications of TLS

Describe TLS sub-layers, TLS sessions, and TLS key exchanges

Set up the SBC to process TLS

Configure the TLS features on the SBC

Learner

Learner

Practitioner

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Oracle SBC Security Configuration

Sample Questions

Identify three TLS messages that are used for TLS session establishment with mutual

authentication. (choose three)

A. The Client sends "Certificate Request" to the Server.

B. The Server sends "Certificate Request" to the Client.

C. The Server sends "Certificate" to the Client.

D. The Client sends "Certificate" to the Server.

E. The Client sends "Client Key Exchange" to the Server.

A customer using TLS requests to do a hardware upgrade from a SBC 3800 to a SBC

4500. How can you load the certificates from the old SBC into the new one? (choose

one)

A. Export the SBC's certificates and private keys, and then import into the new

SBC

B. It is not possible to reuse the existing certificates. You need to generate new

ones.

C. Load a backup of the configuration into the new SBC.

D. Export the SBC's certificates and then import into the new SBC.

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 15 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Topic 11: Secure Real Time Protocol (SRTP)

Objective Level

Explain Real Time Protocol (RTP) and Real Time Control Protocol (RTCP)

Analyze RTP and RTCP packet structures

Explain SRTP basics including key exchange, and Cryptographic Context

Set up SRTP operations on the SBC

Set up different SRTP topologies: including three types of SRTP terminations

Learner

Learner

Learner

Practitioner

Practitioner

Recommended Training

Oracle SBC Advanced Configuration

Oracle SBC Security Configuration

Sample Questions

Which are the two correct statements when negotiating the cryptographic context for

SRTP/SRTCP? (choose two)

A. When using SDES, the key materials are sent unencrypted.

B. When using MIKEY, the key materials are sent encrypted.

C. The SDP offer can provide a list of crypto offers.

D. The SDP offer can provide only one crypto offer.

A customer requests you to configure the SBC to support RTP and SRTP in the same

access realm. Which two statements are true? (choose two)

A. You must configure it in three different elements: media-sec-policy, sdes-

profile/mikey-profile, and security-policy.

B. It is not supported. You need to define two realms.

C. It is only supported in the Single-ended SRTP Termination topology.

D. It is supported in all the topologies.

Oracle Communications Session Border Controller 7 Advanced Certified Implementation Specialist Study Guide page 16 of 16

Getting Started | Target Audience | Exam Topics | Training Options | Exam Details per Topic | Exam Registration Details | Additional Resources

Exam Registration Details

Full exam preparation details are available on the exam page Oracle Communications Session Border Controller 7

Advanced Implementation Essentials, including learning objectives, number of questions, time allowance, pricing and

languages available.

The OPN Certified Specialist Exams appointments are available worldwide at Pearson VUE Testing Centers.

Reservations can be made via phone or online.

Candidates must have an Oracle Web Account to access CertView and check their exam results. In order to have their

certifications reflected on OPN Competency Center, both CertView and Pearson Vue accounts must be updated with the

current OPN Company ID. Your Company ID can be obtained by contacting your local Oracle Partner Business Center

or by signing in to your OPN account.

Additional Resources

Oracle Session Border Controller Partners Information

Oracle Communications Session Border Controller Essentials Exam (1Z0-400)

Enterprise Communications Knowledge Zone

Network Session Delivery and Control Infrastructure Knowledge Zone

Enterprise Communications Implementation Specialist Guided Learning Path

Network Session Delivery and Control Infrastructure Implementation Specialist Guided Learning Path

Network Session Delivery and Control Infrastructure (Acme Packet) Education