Certified Information Systems Security Professional (CISSP) — Question 186

A security engineer is conducting an audit of an organization’s Voice over Internet Protocol (VoIP) phone network due to a large increase in charges from their phone provider. The engineer discovers unauthorized endpoints have connected to the phone server from the public internet and placed hundreds of unauthorized calls to parties around the globe. Which type of attack occurred?

Answer options

Correct answer: B

Explanation

The correct answer is B, Toll fraud, which refers to the unauthorized use of a telecommunications system to make calls, resulting in unexpected charges. The other options do not accurately describe this situation: Control eavesdropping involves intercepting calls, Call hijacking refers to taking over an existing call, and Address spoofing involves falsifying the origin of a call rather than making unauthorized calls.