nerdexam
(ISC)2

CISSP · Question #1059

An organization wants to migrate to Session Initiation Protocol (SIP) to save on telephony expenses. Which of the following security related statements should be considered in the decision-making proc

The correct answer is D. Given the behavior of SIP traffic, additional security controls would be required.. SIP is widely used for voice over IP (VoIP) communication, and while it offers cost savings and flexibility, it also introduces security concerns. SIP traffic, by nature, can be vulnerable to eavesdropping, man-in-the-middle attacks, and Denial of Service (DoS) attacks. Since SIP

Submitted by fernanda_arg· Mar 5, 2026Communication and Network Security

Question

An organization wants to migrate to Session Initiation Protocol (SIP) to save on telephony expenses. Which of the following security related statements should be considered in the decision-making process?

Options

  • ACloud telephony is less secure and more expensive than digital telephony services.
  • BSIP services are more secure when used with multi-layer security proxies.
  • CH.323 media gateways must be used to ensure end-to-end security tunnels.
  • DGiven the behavior of SIP traffic, additional security controls would be required.

How the community answered

(25 responses)
  • A
    12% (3)
  • B
    8% (2)
  • C
    4% (1)
  • D
    76% (19)

Explanation

SIP is widely used for voice over IP (VoIP) communication, and while it offers cost savings and flexibility, it also introduces security concerns. SIP traffic, by nature, can be vulnerable to eavesdropping, man-in-the-middle attacks, and Denial of Service (DoS) attacks. Since SIP messages are transmitted in cleartext (unencrypted), it is important to implement additional security controls, such as: Encryption: SIP traffic should be encrypted using protocols like TLS (Transport Layer Security) for signaling and SRTP (Secure Real-Time Transport Protocol) for media. Authentication and Authorization: Strong authentication methods are necessary to prevent unauthorized users from initiating or listening to calls. Firewalls and Proxies: A secure proxy or SBC (Session Border Controller) can help manage traffic and mitigate security risks like DoS attacks or unauthorized access.

Topics

#SIP security#VoIP security#network protocols#communication security controls

Community Discussion

No community discussion yet for this question.

Full CISSP Practice