SY0-501 · Question #247
SY0-501 Question #247: Real Exam Question with Answer & Explanation
The correct answer is D: Require SIPS on connections to the PBX.. To prevent the interception and compromise of authentication credentials during IP phone authentication with a PBX, implementing SIPS (SIP Secure) is the most effective solution.
Question
A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring?
Options
- AImplement SRTP between the phones and the PBX.
- BPlace the phones and PBX in their own VLAN.
- CRestrict the phone connections to the PBX.
- DRequire SIPS on connections to the PBX.
Explanation
To prevent the interception and compromise of authentication credentials during IP phone authentication with a PBX, implementing SIPS (SIP Secure) is the most effective solution.
Common mistakes.
- A. SRTP (Secure Real-time Transport Protocol) encrypts the media stream (audio/video payload) but does not secure the SIP signaling traffic where authentication credentials are exchanged.
- B. Placing devices in a VLAN provides network segmentation but does not encrypt the communication channel itself, leaving credentials vulnerable if sniffed within the VLAN.
- C. Restricting phone connections is a general access control measure that limits who can connect but does not inherently encrypt the traffic or prevent credential interception once a connection is established.
Concept tested. VoIP signaling security protocols (SIPS/TLS)
Reference. https://learn.microsoft.com/en-us/microsoftteams/teams-security-guide#sip
Community Discussion
No community discussion yet for this question.