Exam CISSP topic 1 question 151 discussion

Where does Examtopics get their answers from?

I am going with C on this one. Here is my reasoning from research: The CISSP 9ed mentions 802.1x but as a vulnerability, not as a protection. It basically states that due to the nature of voip devices, it is easy to spoof Mac addresses and get past layered defenses. It also mentions TLS and SRTP as protection mechanisms. Cisco has an article that I found helpful. (Link below) It does not mention 802.1x at all but does go into to TLS and SRTP. https://www.cisco.com/c/en/us/solutions/small-business/resource-center/security/tips-ip-phone-security.html#~configure-and-protect-systems Given that SRTP is not an option. TLS seems to be the best answer in this case.

802.1x authenticates the users before allowing access. TLS and other protocols will secure the call while in progress. The questions asks how to prevent unauthorized users, so the answer is 802.1x

802.1X is a network authentication and access control mechanism, while TLS is a protocol that protects data transfers between a client and a web server

Has to be C - 802.1x is port authentication.

I think the VOIP detail is irrelevant. TLS will provide privacy between sessions. The question is asking about preventing unauthorized access to the network.. so it has to be D

Question is asking about preventing access.

Going with D. TLS protect man-in-the-middle attackers who is already in range within the VOIP network from eavesdropping connections. It provide no authentication nor authorization that prevent unauthorized users getting in the network. With TLS, attackers in range may still connect their devices to the VOIP network and make connections (just that they can't eavesdrop others).

Answer C) Transport Layer Security (TLS) I really hate these ambiguous questions. Essentially, 802.11g and 802.1x are the same...they provide a protocol to authenticate network traffic...just one happens to be direct and state it is for wireless. If two options are the same, then it must mean that they are not the right choice and it is must be TLS. ( At least one would think)

Similar to @qwertyloopback, went with C because SRTP was not an option but you can encrypt VoIP SIP traffic with TLS.

I did not see SRTP, so it must be TLS.

https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/concept/802-1x-pnac-voip-understanding-mx-series.html When you use Voice over IP (VoIP), you can connect IP telephones to the router and configure IEEE 802.1X authentication for 802.1X-compatible IP telephones. Starting with Junos OS Release 14.2, 802.1X authentication provides network edge security, protecting Ethernet LANs from unauthorized user access. When VoIP is used with 802.1X, the RADIUS server authenticates the phone. You can configure 802.1X authentication to work with VoIP in multiple supplicant or single supplicant mode. In multiple-supplicant mode, the 802.1X process allows multiple supplicants to connect to the interface. The BEST option to secure the VoIP network is option D, 802.1x. This is a standard for port-based network access control that provides authentication and authorization to devices trying to connect to the network. By implementing 802.1x, only authorized devices can connect to the VoIP network, preventing unauthorized access.

Bard says TLS is a cryptographic protocol that encrypts data in transit between two endpoints. This means that even if an unauthorized user is able to intercept the data, they will not be able to read it. TLS is the most widely used encryption protocol for VoIP traffic, and it is considered to be very secure. The other options are not as secure as TLS. 802.11g is a wireless networking standard that does not provide any encryption by default. A WAF is a firewall that is designed to protect web applications from attacks. It can be used to block malicious traffic, but it does not encrypt data. 802.1x is a network access control protocol that can be used to authenticate users before they are allowed to access the network. However, it does not encrypt data in transit. In conclusion, TLS is the best way to secure a VoIP network from unauthorized access.

The BEST option to help secure a Voice over Internet Protocol (VoIP) network and prevent unauthorized access is option D, 802.1x. 802.1x is a network access control protocol that provides authentication and authorization for devices attempting to connect to a network. It allows for user-based authentication and provides a secure method to control access to the VoIP network. By implementing 802.1x, only authorized users or devices with valid credentials will be granted access to the network, while unauthorized users will be prevented from connecting.

C. "Call encryption uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP). These VoIP protocols work together to establish high-grade security in every call." "For the greatest interoperability, SIP isn’t encrypted." https://www.nextiva.com/blog/voip-security.html

see my previous comment :-)

Answer D is not the best one because 802.1x only provides protection on the network level - regardless of the services. But in this scenario the "voip network" shall be protected. This can be achieved using TLS. With TLS other entities in the network cannot get unencrypted VOIP traffic. Furthermore TLS provides (optional) mutual authentication (mTLS). So only legitimate VoIP endpoints can "access" the mTLS protected "VoIP network".