CompTIA

CAS-003 · Question #381

CAS-003 Question #381: Real Exam Question with Answer & Explanation

The correct answer is B: Change the settings on the phone system to use SIP-TLS.

Question

Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?

Options

  • A. Add an ACL to the firewall to block VoIP.
  • B. Change the settings on the phone system to use SIP-TLS.
  • C. Have the phones download new configuration over TFTP.
  • D. Enable QoS configuration on the phone VLAN.

Explanation

The symptoms - automated calls spoofing internal caller ID information - indicate VoIP caller ID spoofing, likely through unauthenticated or unencrypted SIP (Session Initiation Protocol) traffic being manipulated. SIP-TLS (SIP with Transport Layer Security) addresses this by encrypting the SIP signaling channel and using certificate-based mutual authentication, which prevents external actors from injecting or spoofing SIP messages that appear to originate from internal extensions.

  • Option A (ACL to block VoIP at the firewall) would block legitimate VoIP traffic entirely and is not a targeted fix for spoofing.
  • Option C (phones downloading config over TFTP) is actually a security regression - TFTP is an unauthenticated, unencrypted protocol that could itself be exploited to push malicious phone configurations; this would worsen the problem.
  • Option D (QoS on the phone VLAN) is a traffic prioritization measure for call quality and has no security function - it does nothing to prevent spoofing.
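A defensive check that follows from the explanation above, as an added example that is not part of the original page: it audits SIP INVITEs that claim an internal caller and flags those that arrived on a non-TLS listener or from outside the phone network. The domain `pbx.example.internal`, the subnet `10.20.0.0/24`, the function names and the abbreviated sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions for this example (not from the page): internal SIP domain and phone VLAN.
INTERNAL_DOMAIN = "pbx.example.internal"
PHONE_VLAN = ipaddress.ip_network("10.20.0.0/24")
COMPACT = {"v": "via", "f": "from", "t": "to"}  # RFC 3261 compact header names

# Constructed samples: (source IP on the wire, listener transport, raw SIP request).
# The transport comes from the listener, not the Via header, which the sender controls.
SAMPLES = [
    ("10.20.0.15", "TLS",
     "INVITE sip:1002@pbx.example.internal SIP/2.0\r\n"
     "Via: SIP/2.0/TLS 10.20.0.15:5061;branch=z9hG4bK1\r\n"
     'From: "Alice" <sip:1001@pbx.example.internal>;tag=a1\r\n\r\n'),
    ("203.0.113.50", "UDP",
     "INVITE sip:1002@pbx.example.internal SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 203.0.113.50:5060;branch=z9hG4bK2\r\n"
     'From: "Help Desk" <sip:1000@pbx.example.internal>;tag=b2\r\n\r\n'),
    ("10.20.0.77", "UDP",
     "INVITE sip:1003@pbx.example.internal SIP/2.0\r\n"
     "v: SIP/2.0/UDP 10.20.0.77:5060;branch=z9hG4bK3\r\n"
     "f: <sip:1004@pbx.example.internal>;tag=c3\r\n\r\n"),
]

def parse_headers(raw):
    """Return {lowercase header name: first value}, expanding compact names."""
    headers = {}
    for line in raw.split("\r\n\r\n")[0].split("\r\n")[1:]:  # skip request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), value.strip())
    return headers

def audit_invite(src_ip, transport, raw):
    """Return findings for a request whose From header claims an internal caller."""
    sender = parse_headers(raw).get("from", "")
    uri = re.search(r"sips?:(?:[^@>;]+@)?([^>;:\s]+)", sender)
    domain = uri.group(1).lower() if uri else ""
    if domain != INTERNAL_DOMAIN:
        return []  # not claiming an internal identity
    findings = []
    if transport.upper() != "TLS":
        findings.append(f"internal From over {transport}: identity not authenticated")
    if ipaddress.ip_address(src_ip) not in PHONE_VLAN:
        findings.append(f"internal From sent from {src_ip}, outside phone VLAN")
    return findings
```

The third sample is flagged even though its source address is inside the phone VLAN, because a UDP source address and a From header are both unauthenticated; only the TLS session ties the caller identity to a certificate.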
