CompTIA CASP+ Practice Test

What security control should be implemented to detect potential SPIT attacks on a VoIP system?

• A. Network segmentation
• B. SIP and SRTP traffic analysis
• C. Intrusion detection systems
• D. Firewall rules

The correct answer is: SIP and SRTP traffic analysis

To detect potential SPIT (Spam over Internet Telephony) attacks on a VoIP system, implementing SIP (Session Initiation Protocol) and SRTP (Secure Real-time Transport Protocol) traffic analysis is critical. This choice focuses on monitoring the signaling and media streams that are specifically associated with VoIP communications. SIP traffic analysis allows organizations to identify unusual patterns indicative of SPIT, such as an excessive number of calls from the same source or calls that are being made to invalid endpoints. Anomalies in call behavior can signal potential spam or malicious activity that would not be easily detectable by broader measures. Additionally, analyzing SRTP can ensure that media streams remain secure while still allowing the detection of potential abuse scenarios. Other options, while important components of a comprehensive security strategy, do not specifically target the detection of SPIT. Network segmentation helps protect resources by isolating different parts of a network but does not analyze traffic for spam detection. Intrusion detection systems can identify a range of threats but may require customization to effectively monitor VoIP-related spam. Firewall rules can control access and filter unwanted traffic but may not specifically flag traffic that indicates SPIT unless they are particularly tailored for VoIP usage. Therefore, focusing on SIP and SRTP traffic analysis provides the most