SRTP is what carries the actual voice payload. Question talks about registration which happens with SIP over UDP 5060. SIPS is SIPoTLS using TCP 5061.

SIP (Session Initiation Protocol) creates the connection from peer to peer (e.g. phone to phone or phone to phone system). Let’s say it sets the switches for the audio stream. Once the connection is established, the RTP (Real time Transport Protocol) is used to transport the audio or video data.

To overcome the security flaws of SIP and RTP and safely make secure calls via the internet, encrypted versions of both protocols have been developed. SIPS, which stands for SIP Secure, is SIP, extended with TLS (Transport Layer Security). With this TLS, a secure connection between IP PBX and VoIP telephone can be established using a handshake approach. SRTP encodes the voice into encrypted IP packages and transport those via the internet from the transmitter (IP phone system) to the receiver (IP phone or softphone), once SIPS has initiated a secure connection. To allow the receiver to decrypt the packages, a key is sent via SIPS, while the connection is initiated in the previous step.

SIPS...notice "when phones authenicate" See this link below https://askozia.com/voip/what-is-sips-and-srtp/#:~:text=SRTP%20encodes%20the%20voice%20into%20encrypted%20IP%20packages,the%20connection%20is%20initiated%20in%20the%20previous%20step.

Every other site with this questions is saying it's A srtp...and yeah sips isn't even on exam objectives

Its A - SRTP , Darill Gibson book Pag2 142

SIP / SIPS aren't even in the SY0-501 exam objectives.

SIPS not mentioned in GCGA, SRTP is the correct answer. Also SIP faces externally

SIPS is related to VoIP and uses TLS so answer is correct.

Session Initiated Protocol (SIP): Allows people from all over the internet, and those with VoIP, to communicate using their computers, tablets, and smartphones. An example would be of a secretary who could receive a Skype call for the boss: SIP allows them to put the caller on hold, speak to their boss, and, if needs be, put the person through. Real Time Protocol (RTP): Once SIP has established the session, RTP transfers the videoconferencing traffic. Secure Real Time Protocol (SRTP): Used to secure the videoconferencing traffic—it normally uses TCP port 5061. VLAN: Voice traffic being placed in a VLAN segments it from the rest of the network. Media gateway: Allows different methods of video and voice to communicate with each other, for example, if you use an XMPP gateway, you can connect Jabber clients to a Skype session.

"credentials may be intercepted and compromised when IP phones authenticate with the BPX" They are not worried that the call is intercepted, but only the credentials(VoIP Phone registration and signaling) That is why D is the correct answer.

SIP provides a stateless, challenge-based mechanism for authentication that is based on authentication in HTTP.

I was in doubt too, but answer is D. SRTP is a security profile for RTP that adds confidentiality, message authentication, and replay protection to that protocol. Does not authenticate!!!

Secure SIP (Session Initiation Protocol) Fusion Embedded™ secure SIP or SIPS, provides secure communications for the VoIP Industry's popular SIP protocol. As defined by RFC 3261, secure SIP allows the device to make a secure connection to a server so that all communications can be encrypted.

the answer her is A

D, SIPS (Session Initiation Protocol. SIPS is SIP over SSL/TLS)

Check this site https://askozia.com/voip/what-is-sips-and-srtp/