Which two statements about endpoint registration authentication are true?

Authentication credentials can be stored in the local database of the Expressway. This is true because the Expressway can use its local authentication database to verify the credentials of incoming requests from devices or external systems1. Alternatively, the Expressway can also use external authentication methods, such as LDAP, SAML, or OAuth1.

SIP endpoints always need authentication credentials. This is false because the Expressway’s authentication policy can be configured separately for each zone, and it can be set to “Do not check credentials” or “Treat as authenticated” for SIP messages from local or non-local domains1. This means that some SIP endpoints may not need authentication credentials to communicate with the Expressway, depending on the zone configuration.

The endpoint and Expressway must be configured and synchronized with an NTP server delivering an identical time stamp. This is false because the Expressway and the endpoint do not need to be synchronized with identical NTP timestamps for authentication purposes2. However, it is recommended to synchronize the Expressway and the endpoint with the same NTP server for other reasons, such as logging, troubleshooting, and certificate validation3.

Expressways and endpoints do not need to be synchronized with identical NTP timestamps. This is true because the Expressway and the endpoint do not need to be synchronized with identical NTP timestamps for authentication purposes2. However, it is recommended to synchronize the Expressway and the endpoint with the same NTP server for other reasons, such as logging, troubleshooting, and certificate validation3.

When a subzone is set for “Treat as Authenticated”, the endpoint must have the correct authentications configured. This is false because the “Treat as Authenticated” option means that the Expressway will not verify the credentials and will allow the message to be processed as if it has been authenticated1. This option can be used to cater for endpoints from third-party suppliers that do not support authentication within their registration mechanism1.

References := 1: Cisco Expressway Administrator Guide (X14.0) - Device Authentication 2: Cisco Expressway Administrator Guide (X14.0) - NTP Configuration 3: Cisco Expressway Administrator Guide (X14.0) - Time and Date