Cisco Unity Connection Service Ports Quiz

Questions and Answers

Which TCP port must be opened for outbound connections made by Unity Connection for Exchange 2010?

7070

8080

9090

7080 (correct)

What type of notifications does Unity Connection use for voice messages?

Email notifications

Jabber notifications (correct)

Web notifications

SMS notifications

What is the service account associated with the Jetty service in Unity Connection?

exchange_service

jetty (correct)

web_account

unity_service

What is the primary application affected by the outbound connections made by Unity Connection?

Exchange 2010

Which feature is specifically mentioned for Exchange 2010 in relation to Unity Connection?

Single inbox functionality

For which application are the outbound notifications intended to notify users about voice message changes?

Unity Connection

Which of the following best describes the service that operates at TCP port 7080?

Jetty connection for Exchange

What type of service is associated with UDP port 9291 in Unity Connection?

Connection Mailbox

Which port is required for video server communication in Unity Connection?

TCP 6080

Which of the following is NOT an open port for direct connections from off-box clients in Unity Connection?

TCP 80

What function does the WebDAV Sync Service provide in connection with Unity Connection?

Synchronization of voice messages

Which component interacts with the Unity Connection via TCP port 6080?

CuCsMgr/Conversation Manager

How many open ports are specified for direct connections in the provided information?

Two

What is the primary protocol used for notifications of changes to Unity Connection voice messages?

UDP

Which of the following statements is true concerning TCP and UDP ports used by Unity Connection?

Both protocols have designated ports for communication.

What type of inbox functionality does UDP port 9291 support?

Single inbox only

Which types of addresses do the supported ports utilize?

Both IPv4 and IPv6 addresses

What functionality does Cisco Unity Connection Survivable Remote Site Voicemail (SRSV) provide?

Support for VoIP communication

What command can be executed to check the configured minimum TLS version on Unity Connection?

show tls min-version

Which of the following statements about the supported ports is true?

They enable IP communication for remote sites.

In terms of communication, what do the supported ports primarily focus on?

IP-based communication

What happens after configuring the minimum TLS version on the Cisco Unity Connection server?

The server restarts automatically.

What distinguishes the supported ports in the content provided?

Their dual support for IPv4 and IPv6

What is the primary purpose of restriction tables in Cisco Unity Connection?

To control phone numbers used for specific Unity Connection functions.

How is toll fraud defined within the context of Cisco Unity Connection?

Any toll call made at the organization's expense in violation of its policies.

What aspect of remote site communication does Cisco Unity Connection SRSV enhance?

Voicemail accessibility

Which of the following is NOT supported by the ports mentioned?

Legacy email systems

What type of security issue does the Cisco Unity Connection guide primarily address?

Toll fraud prevention.

The functionality of the supported ports is critical for which system?

Survivable Remote Site Voicemail

What technology integration do the supported ports imply?

Voice and data over IP networks

Which aspect enhances the utility of Cisco Unity Connection SRSV?

It provides voicemail solutions for both IPv4 and IPv6.

What port is used for SFTP connections in the Disaster Recovery Framework?

22

What service account is associated with the DHCP/BootP client connections?

root

Which protocol is specified for performing backups and restorations in the framework?

SFTP

Which of the following actions does the Disaster Recovery Framework NOT perform?

Install software patches

What is the purpose of UDP port 67 in the context of Cisco Unity Connection?

To obtain DHCP addressing

Which protocol is NOT listed for securing transport layers in Cisco Unity Connection?

IMAP

In the installation framework, what happens when an SFTP server is specified?

Download of upgrade media occurs.

Which of the following services is indicated for making DHCP connections?

dhclient

What is the primary function of SFTP connections in the Disaster Recovery Framework?

To perform secure backups and restorations

For which operation is port 22 primarily designated in the content provided?

SSH/SFTP connections

Study Notes

IP Communications Required by Cisco Unity Connection Service Ports

• Table 1: TCP and UDP Ports Used for Inbound Connections to Cisco Unity Connection details TCP and UDP ports for inbound connections to the Cisco Unity Connection server, and internal ports used by Cisco Unity Connection.

• Ports and protocols, operating system, firewall settings, executable/service or application, service account, and comments are included for each port.

• TCP: 20500, 20501, 20502, 19003, 1935: Open only between servers in a Unity Connection cluster; port 1935 is blocked and for internal use only.

• TCP: 21000-21512: Open. Servers in a Unity Connection cluster must connect to each other. IP phones must connect to this range of ports on the Unity Connection server for some phone client applications.

• TCP: 5000: Open, used for port-status monitoring.

• TCP and UDP ports allocated by administrator for SIP traffic. Possible ports are 5060-5199.

• TCP: 20055: Open only between servers in a Unity Connection cluster.

• TCP: 1502, 1503 ("ciscounity_tcp" in /etc/services): Open only between servers in a Unity Connection cluster.

• TCP: 143, 993, 7993, 8143, 8993: Open, for IMAP inbox access and IMAP over SSL inbox access.

• TCP: 25, 8025, 4904, 4900: 4904, UDP: 16384-21511, UDP: 7774-7900, TCP: 22000, UDP: 22000, TCP: 22001, UDP: 22001, TCP: 20532, TCP: 22, UDP: 161 various ports and protocols for different functions.

• TCP: 5007, TCP: 1500, 1501, TCP: 1515, TCP: 8001, TCP: 2555, 2556, TCP: 1090, 1099, TCP: 80, 443, 8080, 8443, TCP: 8081, 8444, TCP: 25, 587, UDP: 21, TCP: 22 (SSH/SFTP)

• UDP: 500, UDP: 9291, UDP: 6080 specific ports and protocols are also described here for inbound connections.

• UDP: 50- 5004, 8005, UDP: 16384-32767, UDP: 69, UDP: 53, UDP: 123 described various ports and protocols.

• TCP: 7080 and UDP: 9291 and UDP:6080 described specific connections required by Unity Connection.

Preventing Toll Fraud

• Toll fraud is defined as any long-distance call at the expense of an organization.
• Restriction tables in Cisco Unity Connection help prevent toll fraud by controlling which phone numbers can be used for call transfers, message notifications, and other Unity Connection functions.
• Best practices include blocking calls to the international operator, matching trunk access codes for different phone system integrations, and blocking calls to international numbers for users who don't need them.

Cisco Unity Connection - Restricted and Unrestricted Version

• This product contains cryptographic features that are subject to U.S. and local country laws.
• Restricted and unrestricted versions of Cisco Unity Connection software exist to address import requirements for some countries that involve encryption.
• Functionality is available in the restricted version whereas this functionality is disallowed in the unrestricted version.

Securing the Connection between Cisco Unity Connection, Cisco Unified Communications Manager, and IP Phones

• The connection between Unity Connection, Cisco Unified Communications Manager, and IP phones can be vulnerable to man-in-the-middle attacks, network traffic sniffing, and identity theft.
• Unity Connection requires secure communication mechanisms are described
  • Signaling authentication
  • Device authentication
  • Signaling encryption
  • Media encryption

Enhanced Security Mode in Cisco Unity Connection

• Enhanced Security Mode employs secure communication mechanisms, password requirements are stricter,
  • Remote audit logging is enabled.
  • The maximum number of concurrent sessions is restricted on each interface (e.g., Telephony, IMAP).
  • User inactivity timeout is configured to disable inactive accounts.

Passwords, PINs, and Authentication Rule Management

• Authentication rules govern passwords, PINs, and account lockouts for all user accounts.
• Recommendations include frequent password changes, unique passwords, and non-trivial passwords.
• Best practices include requiring password changes every six months, using strong passwords, and appropriate lockout policies.

Using SSL to Secure Client/Server Connections

• Using SSL or TLS ensures secure client/server communication.
• A self-signed certificate or a certificate from a trusted Certificate Authority (CA) secures connections between the Cisco PCA, IMAP clients, and Cisco Unity Connection SRSV.

Securing User Messages

• Users can control who can access their messages and their distribution to protect sensitive data.
• Options are available to prevent users from saving messages locally or archiving securely.

Next Generation Security

• The product implements Suite B cryptographic algorithms (e.g., AES encryption and ECDSA ciphers) for improved security.
• It supports HTTPS, SIP and SRTP interfaces for secure communications.

Description

Test your knowledge on the IP communications required by Cisco Unity Connection. This quiz covers essential TCP and UDP ports, their purposes, and configurations necessary for optimal functionality within a Unity Connection cluster. Prepare to dive into technical specifics of service ports used for inbound connections.