Certified Information Systems Security Professional (CISSP) — Question 107

An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is concerned with unauthorized phone usage. The security consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number (PIN) codes for each person in the organization. What is the BEST solution?

Answer options

• A. Have the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage.
• B. Have the administrator change the PIN regularly. Implement call detail records (CDR) reports to track usage.
• C. Use phone locking software to enforce usage and PIN policies. Inform the user to change the PIN regularly.
• D. Implement call detail records (CDR) reports to track usage.

Correct answer: A

Explanation

The correct answer is A because enforcing a policy to change the PIN regularly adds an extra layer of security, while CDR reports help track any unauthorized usage. Options B and C lack the comprehensive policy enforcement aspect needed for optimal security, and option D does not provide any preventive measures against unauthorized access.