Question 3 of 500
Automation and Quality of ServicemediumMultiple ChoiceObjective-mapped

Quick Answer

The answer is that NBAR fails to match encrypted Cisco Jabber traffic because the application uses TLS for signaling and SRTP for media, which encrypts the payload and prevents deep packet inspection. NBAR relies on identifying application signatures within packet payloads, but encryption renders those signatures invisible, so even with an up-to-date protocol pack, the class-map matching 'cisco-jabber' via NBAR protocol discovery will show zero matches. On the Cisco SPCOR 350-501 exam, this scenario tests your understanding that NBAR cannot classify encrypted flows without a decryption point, such as a next-generation firewall or a Cisco router with a decryption service. A common trap is assuming an updated protocol pack solves the issue, but encryption bypasses signature-based identification entirely. Remember the memory tip: "Encryption erases NBAR's eyes"—if the traffic is encrypted, NBAR cannot see the application, so alternative methods like port-based or DSCP-trusted classification must be used.

350-501 Automation and Quality of Service Practice Question

This 350-501 practice question tests your understanding of automation and quality of service. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A network engineer is troubleshooting QoS on a Cisco ASR 1000 router. The router has a service-policy applied on the ingress interface GigabitEthernet0/0/0. The policy uses a class-map to match traffic based on NBAR protocol discovery for 'cisco-jabber'. The goal is to mark the traffic with DSCP AF41. However, when the engineer checks the policy statistics, the class 'jabber' shows zero matches, even though the users are actively using Cisco Jabber. The NBAR protocol discovery is enabled globally and on the interface. The engineer verifies that the NBAR protocol pack is up-to-date. What is the most likely reason for the class-map not matching?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Question 1mediummultiple choice
Study the full QoS explanation →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Cisco Jabber traffic is encrypted, so NBAR cannot identify it

Cisco Jabber uses encrypted signaling and media (SRTP/TLS), which prevents NBAR from performing deep packet inspection to identify the application. Even with an up-to-date protocol pack, NBAR cannot match encrypted traffic unless decryption is performed elsewhere. Therefore, the class-map matching 'cisco-jabber' via NBAR protocol discovery will show zero matches.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The service-policy should be applied on the egress interface instead

    Why it's wrong here

    Classification must happen on ingress to mark before routing.

  • Cisco Jabber traffic is encrypted, so NBAR cannot identify it

    Why this is correct

    NBAR relies on deep packet inspection; encryption hides application signatures.

    Clue confirmation

    The clue word "most likely" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • The class-map is using 'match access-group' instead of 'match protocol'

    Why it's wrong here

    If using access-group, it might not match NBAR signatures.

  • The NBAR protocol pack is not activated on this interface

    Why it's wrong here

    Protocol pack is global; activation is not per-interface.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Cisco often tests the limitation that NBAR cannot classify encrypted or obfuscated traffic, leading candidates to incorrectly assume the issue is with policy direction, match method, or protocol pack activation.

Detailed technical explanation

How to think about this question

NBAR relies on deep packet inspection (DPI) to identify applications by analyzing packet payloads, including signatures for protocols like SIP, RTP, and TLS handshakes. When Cisco Jabber uses encrypted SRTP for media and TLS for signaling, NBAR cannot see the application-layer data, so it falls back to generic classification (e.g., 'ssl' or 'unknown'). In real-world deployments, to classify encrypted traffic, you might need to use a different approach such as NBAR2 with TLS/SSL decryption (e.g., via a firewall) or rely on source/destination IP and port ranges.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A practitioner preparing for the 350-501 exam encounters this exact type of scenario on the job. The correct answer here is not the most general option — it is the best answer for the specific constraint described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Real exam questions reward reading the full scenario before eliminating options, because the constraint defines which answer fits.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related 350-501 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 350-501 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 350-501 question test?

Automation and Quality of Service — This question tests Automation and Quality of Service — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Cisco Jabber traffic is encrypted, so NBAR cannot identify it — Cisco Jabber uses encrypted signaling and media (SRTP/TLS), which prevents NBAR from performing deep packet inspection to identify the application. Even with an up-to-date protocol pack, NBAR cannot match encrypted traffic unless decryption is performed elsewhere. Therefore, the class-map matching 'cisco-jabber' via NBAR protocol discovery will show zero matches.

What should I do if I get this 350-501 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Jun 25, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 350-501 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 350-501 exam.