CISSP Question #879: Real Exam Question with Answer & Explanation
The correct answer is B: Toll fraud.
Question
A security engineer is conducting an audit of an organization's Voice over Internet Protocol (VoIP) phone network due to a large increase in charges from their phone provider. The engineer discovers unauthorized endpoints have connected to the phone server from the public internet and placed hundreds of unauthorized calls to parties around the globe. Which type of attack occurred?
Options
- A. Control eavesdropping
- B. Toll fraud
- C. Call hijacking
- D. Address spoofing
Explanation
The scenario describes unauthorized external parties connecting to a VoIP server and placing numerous unauthorized calls globally, resulting in increased charges. This attack, which exploits a telecommunications system for financial gain by incurring costs on the victim, is known as toll fraud.
Common mistakes.
- A. Control eavesdropping involves passively listening to the signaling or control information of a VoIP network, not actively making unauthorized calls to generate charges.
- C. Call hijacking refers to an attacker taking control of an existing, legitimate call between two parties, typically for interception or redirection, rather than initiating new fraudulent calls.
- D. Address spoofing is the act of forging source IP addresses or caller ID information to mask identity or impersonate another entity, but it doesn't describe the broader act of making unauthorized, billable calls.
Concept tested. VoIP attack types, toll fraud