Exam SY0-601 topic 1 question 748 discussion

Vishing SPIM (Spam over Internet Messaging) poses a threat to VoIP systems by consuming bandwidth, diverting resources, and potentially causing denial of service attacks. The influx of SPIM messages can degrade the quality of VoIP calls, overload servers, and serve as a platform for social engineering attacks, jeopardizing the security of VoIP users. To mitigate these risks, organizations should implement spam filters, intrusion detection systems, and regular software updates while also educating users to recognize and avoid potential threats associated with SPIM.

This is another repeat question but with slightly different options listed. https://www.examtopics.com/discussions/comptia/view/78835-exam-sy0-601-topic-1-question-23-discussion/ SPIM and VISHING are listed as the answer on both.

SPIT is the specific terminology for Spam Over Internet Telephony. SPIM is not a term that is usually used to cover SPIT. VLAN Hopping, on the other hand, is a concern that I have literally worked on in multiple real-world scenarios. I am aware most of you saying AB are relying on "well, those are the answer choices" or the fact that SPIM is a general DDoS method. But there is no merit at all to choosing it over the much more significant, real risk that is VLAN Hopping due to misconfigured VLAN segmentation.

I’m going with BC

Vlan hopping made more sense than SPIM initially but upon making a simple google search "can you send IMs over VOIP" and being presented with a multitude of VOIP software options with IM included, the answer indeed must be SPIM and Vishing. SMS messages are commonly sent over VOIP.

For those not convinced to Hopping (I was), one of many resources on to voip vlan hopping: https://community.broadcom.com/symantecenterprise/viewdocument/voip-hopping-a-method-of-testing?CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68 The other one just must be Vishing.

This is a question for those that have chosen SPIM - Spam Over Instant Message. How does IM relate to VoIP? How can an attacker IM a VoIP? Maybe I’m missing something?

Phones can have access to 2 vlans as they normally tag their voice vlan and if a pc goes through a phone it will leave the PC traffic untagged for the data network. CDP/LLDP can also advertise there voice and data vlan to phone enabled ports.

There you have it: the answers are option B and C. See my previous post below; and check out the referenced link in this one as well. https://community.broadcom.com/symantecenterprise/viewdocument/voip-hopping-a-method-of-testing?CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments#:~:text=The%20VoIP%20Hop%20can%20allow,against%20the%20IP%20Phone%20network.

This is for reference:: https://fitsmallbusiness.com/voip-security-threats/ Only one of the choices (Vishing), is a very clear option. Of the others, SPIM would have been right if it was SPIT (Spam over IP Technology). VLAN Hopping is defined (in Wikipedia) as: a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. VoIP phones are vLAN resources as well; but none of the other choices make ANY sense.

Vishing and VLAN hopping are the only attacks in the options provided which can directly exploit VoIP vulnerabilities.

B. Vishing C. VLAN hopping If it were SPIT and not SPIM, i would go with that. Remember that an IP phone is a network device on a designated voice vlan..I know the answer is not ideal, but as I always say, best of the worst. Also phishing in voip is call vishing, so it is redundant...and on that note, FU Comptia for these stupid choices.

Phishing also occurs through Vishing as the question entails. SPIM is through message. --x

Might be A and C due to VLAN hopping meaning to ease drop on conversations But I know one of the answers are B so I'm confused...

Im thinking AB

I would still go with Vshing and Phishing.