Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
heads up - vlan hopping one was of the choices on my exam, but credential harvesting was not! IDK which one is correct besides vishing, but cred harvesting wasnt there.
after heavy consideration and reading through multiple sec+ books, i m kinda going with B & D. vishing and credential harvesting as being the most common attacks, as hopping doesnt ever seem to come up in the material.
https://fitsmallbusiness.com/voip-security-threats/
although they dont specifically mention VOMIT, a common result of VOMIT would be credntial harvesting.
"VOMIT, is a VoIP hacking technique that extracts confidential data and voice packets directly from calls. VOMIT works by eavesdropping on phone calls and converting phone conversations into files straight from your business phone system. This makes it easy to obtain company information, including usernames, passwords, bank details, phone numbers, and call origin."
SPIM (Spam over Internet Messaging) is a type of VoIP-associated vulnerability that involves sending unsolicited or
fraudulent messages over an internet messaging service, such as Skype or WhatsApp. It can trick users into clicking on
malicious links, downloading malware, providing personal or financial information, etc., by impersonating a legitimate
entity or creating a sense of urgency or curiosity. Vishing (Voice Phishing) is a type of VoIP-associated vulnerability
that involves making unsolicited or fraudulent phone calls over an internet telephony service, such as Google Voice or
Vonage. It can trick users into disclosing personal or financial information, following malicious instructions,
transferring money, etc., by using voice spoofing, caller ID spoofing, or interactive voice response systems.
SPIM (Spam over Internet Messaging) is a type of VoIP-associated vulnerability that involves sending unsolicited or
fraudulent messages over an internet messaging service, such as Skype or WhatsApp. It can trick users into clicking on
malicious links, downloading malware, providing personal or financial information, etc., by impersonating a legitimate
entity or creating a sense of urgency or curiosity. Vishing (Voice Phishing) is a type of VoIP-associated vulnerability
that involves making unsolicited or fraudulent phone calls over an internet telephony service, such as Google Voice or
Vonage. It can trick users into disclosing personal or financial information, following malicious instructions,
transferring money, etc., by using voice spoofing, caller ID spoofing, or interactive voice response systems.
For those not convinced to Hopping (I was), one of many resources on to voip vlan hopping:
https://community.broadcom.com/symantecenterprise/viewdocument/voip-hopping-a-method-of-testing?CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68
The other one just must be Vishing.
SPIM (Spam over Instant Messaging) not with VoIP
Vishing yes as it is voice phishing...partly why when a spammer asks you a yes or no questions,,,,its best to hang up.
Cred harvisting can be exploited when you have voicemail set to be emailed to you
Only B & C answers are related to VOIP.
Vishing should be obvious
Hopping, not as obvious, but since putting VOIP devices on a separate network, physical or VLAN, is a recommended good practices, VLAN is susceptible to hopping.
I can't believe Hopping is not considered a vulnerability for VOIP. Every company I've ever worked for put their VOIP on a VLAN (it's a spelled out best practice in every security guide I've seen!). I've never seen a corporate VOIP that supports instant messaging, but there are a couple of web-based VOIPs that support it. I figure it's more rare and hopping would be FAR more dangerous/vulnerable than spam/spim.
Who writes these questions?!?!
Vishing is an obvious choice. However, all the others are questionable. Considering what's left, I'd say SPIM is the best logical conclusion (SPIT would be better but not listed). If you agree with credential harvesting, you have to agree with Phishing because that's how Professor Messer says credential harvesting takes place (by sending a malicious attachment over email and a user clicking it). Hopping from what I looked up has to do with moving around different avenues to gain access to a system or environment. I guess it could include using the phone. However, I looked up IM over VOIP and it appears to be possible. I could be wrong though. If I get the question, I'm going with A and B on the test.
In the DION course the below is stated. SMS messages may be accessible to attackers via VoIP or other systems. AB it is for me
NIST's SP 800-63-3 recommends that SMS messages be deprecated as a means of delivering a second factor for multifactor authentication because they may be accessible to attackers.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
serginljr
Highly Voted 1 year, 7 months agoNerdAlert
1 year agouser82
1 year agoMENAMONGMEN
1 year agoBlackMamba_4
9 months agok9_462
Highly Voted 1 year, 7 months agoSkimbeeble
2 months, 3 weeks agok9_462
1 year, 7 months agoshady23
Most Recent 1 day, 9 hours agoshady23
1 day, 9 hours agothea_smith
2 days, 5 hours agochriseatmon25
3 days, 4 hours agofryderyk
1 month, 2 weeks agoJustJess
1 month, 2 weeks agoBD69
1 month, 4 weeks agoNoConfusion
2 months agoBD69
1 month, 4 weeks agoBD69
1 month ago6809276
2 months ago8c4769c
3 months, 1 week agothea_smith
3 months, 2 weeks agoBD69
1 month, 4 weeks agohuncho22
3 months, 1 week agoCaffa
2 months, 2 weeks agoChase6890
3 months, 2 weeks agoDrCo6991
4 months ago_deleteme_
4 months, 2 weeks agolsalc
4 months, 2 weeks agoComPCertOn
5 months, 2 weeks ago