ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 220 discussion

Actual exam question from ISC's CISSP
Question #: 220
Topic #: 1
[All CISSP Questions]

An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is concerned with unauthorized phone usage. The security consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number (PIN) codes for each person in the organization. What is the BEST solution?

  • A. Have the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage.
  • B. Have the administrator change the PIN regularly. Implement call detail records (CDR) reports to track usage.
  • C. Use phone locking software to enforce usage and PIN policies. Inform the user to change the PIN regularly.
  • D. Implement call detail records (CDR) reports to track usage.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Jamati at Nov. 10, 2022, 5:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RRabbit_111
4 months, 2 weeks ago
Selected Answer: C
i think the goal is to secure phones from unauth usage and you have to lock the phones down. It doesnt say that (A) locks it down. the CDR reports tracks usage but that doesnt prevent usage.
upvoted 2 times
...
74gjd_37
1 year, 6 months ago
Selected Answer: A
The best solution is Option A because it ensures that the PIN codes are changed regularly, making it difficult for unauthorized users to access the phone system; additionally, implementing call detail records (CDR) reports allows for tracking of phone usage, which can be used to identify any unauthorized usage and take appropriate action. Option C, using phone locking software, may be a good additional measure, but it is not a complete solution on its own. Option B, having the administrator change the PIN regularly, is not practical as it would be difficult to manage and may cause confusion for users. Option D, implementing CDR reports alone, does not address the issue of unauthorized usage and does not provide a way to prevent it in the first place.
upvoted 3 times
...
liebeskind
1 year, 11 months ago
can a "Unique" personal ID number be changed arbitrarily? what if two users picked a same PIN? how to distinguish them?
upvoted 2 times
...
jackdryan
1 year, 11 months ago
A is correct
upvoted 1 times
...
DJOEK
2 years, 3 months ago
Selected Answer: A
The best solution would be to have the administrator enforce a policy to change the PIN regularly and implement call detail records (CDR) reports to track usage. This would help to prevent unauthorized phone usage and allow the organization to monitor and track usage. Option A would be effective in securing the VoIP phones and ensuring that they are being used appropriately.
upvoted 2 times
...
rajkamal0
2 years, 3 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
Ivanchun
2 years, 3 months ago
Selected Answer: A
A vs B, A is enforce - best solution
upvoted 3 times
...
Li_Rong_Han
2 years, 4 months ago
Did you notice the catch in the answers for A and B? A is to enforce a policy (Applies to all users) to change the PIN regularly. B is to have the administrator's PIN to be changed only. The question says that the "Administrators have assigned unique personal identification number (PIN) codes for each person in the organization". You can't ask the Administrator to change everyone's unique PIN by himself. The given answer is correct.
upvoted 2 times
Meowson
1 year, 9 months ago
Do you understand English?
upvoted 1 times
...
...
Jamati
2 years, 5 months ago
Selected Answer: B
The administrator does not create policy, he simply enforces it.
upvoted 1 times
Nickolos
2 years, 4 months ago
That's what A says. Enforce policy. In addition, the organization couldn't enforce non repudiation,because the user could simply argue the admij used their phone with the pin they created.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago