Exam SY0-601 topic 1 question 23 discussion

Hopping does not exist in exam objectives

after heavy consideration and reading through multiple sec+ books, i m kinda going with B & D. vishing and credential harvesting as being the most common attacks, as hopping doesnt ever seem to come up in the material. https://fitsmallbusiness.com/voip-security-threats/

A AND B. Vlan hopping and credential harvesting are not voip specific.

SPIM is for messages So B for sure and the next closer to VOIP vulnerability is the E

please tell me how you're going to Instant message a voip phone, answer can't be A.. its BE

Scammers use Voip to offer fake employment and also use it to gather datas that contains individual using SMS social engineering.

Copilot says B+E. Copilot: The two common VoIP-associated vulnerabilities from the options provided are: B. Vishing: Vishing, or voice phishing, is a type of attack that attempts to trick victims into giving up sensitive personal information over the phone. Since VoIP systems are essentially transmitting voice as data over IP networks, they are susceptible to the same phishing attacks that can occur in data networks. E. Credential Harvesting: VoIP systems can be vulnerable to attacks where credentials are harvested. Attackers can use various methods, such as brute force attacks or packet sniffing, to obtain user credentials. Once these credentials are obtained, attackers can gain unauthorized access to the VoIP system.

SPIM (Spam over Internet Messaging) is a type of VoIP-associated vulnerability that involves sending unsolicited or fraudulent messages over an internet messaging service, such as Skype or WhatsApp. It can trick users into clicking on malicious links, downloading malware, providing personal or financial information, etc., by impersonating a legitimate entity or creating a sense of urgency or curiosity. Vishing (Voice Phishing) is a type of VoIP-associated vulnerability that involves making unsolicited or fraudulent phone calls over an internet telephony service, such as Google Voice or Vonage. It can trick users into disclosing personal or financial information, following malicious instructions, transferring money, etc., by using voice spoofing, caller ID spoofing, or interactive voice response systems.

SPIM (Spam over Internet Messaging) is a type of VoIP-associated vulnerability that involves sending unsolicited or fraudulent messages over an internet messaging service, such as Skype or WhatsApp. It can trick users into clicking on malicious links, downloading malware, providing personal or financial information, etc., by impersonating a legitimate entity or creating a sense of urgency or curiosity. Vishing (Voice Phishing) is a type of VoIP-associated vulnerability that involves making unsolicited or fraudulent phone calls over an internet telephony service, such as Google Voice or Vonage. It can trick users into disclosing personal or financial information, following malicious instructions, transferring money, etc., by using voice spoofing, caller ID spoofing, or interactive voice response systems.

B. For sure but E. is correct due to Voicemail via email attachment. The attachment may malicious code.

For those not convinced to Hopping (I was), one of many resources on to voip vlan hopping: https://community.broadcom.com/symantecenterprise/viewdocument/voip-hopping-a-method-of-testing?CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68 The other one just must be Vishing.

SPIM (Spam over Instant Messaging) not with VoIP Vishing yes as it is voice phishing...partly why when a spammer asks you a yes or no questions,,,,its best to hang up. Cred harvisting can be exploited when you have voicemail set to be emailed to you

Only B & C answers are related to VOIP. Vishing should be obvious Hopping, not as obvious, but since putting VOIP devices on a separate network, physical or VLAN, is a recommended good practices, VLAN is susceptible to hopping.

SPIM falls into VoIP in Comptia's world.

Based on gather information i think it is A and B, although B and E also sound correct. I hate these questions.

SPIM and Vishing

Vishing is an obvious choice. However, all the others are questionable. Considering what's left, I'd say SPIM is the best logical conclusion (SPIT would be better but not listed). If you agree with credential harvesting, you have to agree with Phishing because that's how Professor Messer says credential harvesting takes place (by sending a malicious attachment over email and a user clicking it). Hopping from what I looked up has to do with moving around different avenues to gain access to a system or environment. I guess it could include using the phone. However, I looked up IM over VOIP and it appears to be possible. I could be wrong though. If I get the question, I'm going with A and B on the test.