| 1. |
C and E Integrity and loss of control are typically terms to describe one's personal life rather than IP telephony security. |
| 2. |
B and F Secure signaling is accomplished through Transport Layer Security (TLS). This security is crucial because CallManager sends the keys for SRTP (which secures the media) through signaling to the IP phone. |
| 3. |
D and F The trusted introducer and its clients must trust the root of a system. The root guarantees the identity of the trusted introducer. Only the trusted introducer can guarantee the authenticity of any member of the system. |
| 4. |
C and D In Cisco IP telephony PKI infrastructures, the CAPF has a self-signed certificate because the IP phones refer to this as the CA of the PKI. Only the Cisco IP Phone 7940, 7960, and 7970 (and subsequent) models can have LSCs because these are the only models that support device security at this point. |
| 5. |
C and F Securing enrollment through a PKI can be a sticky situation. The best method is to perform the enrollment over a trusted network (or significantly secured public network). Otherwise, you must manually perform mutual out-of-band authentication between the PKI user and CA. |
| 6. |
C CAPF enrollment supports the use of authentication strings. This is known as the manual enrollment method, which requires the administrator to visit each IP phone he wants to enroll and enter the correct string from the CAPF. |
| 7. |
B The CTL client uses a smart token for key storage. This smart token exists on a USB key attached to the server running the CTL client. The smart token never leaves the key, but, rather, acts as a separate authentication engine to validate the CTL. |
| 8. |
D TLS allows both the server and the IP phone to authenticate each other through a signed certificate. This also allows them to authenticate the signaling message to ensure they came from the correct source. |
| 9. |
B and D Certificates are only exchanged between the Cisco CallManager server and the IP phone. The IP phones themselves do not exchange certificates directly. Likewise, the encrypted transmission of SRTP session keys occurs between the IP phones and the Cisco CallManager rather than between the IP phones. |
| 10. |
E The most accurate list of tasks is to enable services, set cluster to mixed mode, create a signed CTL, deploy certificates to the IP phones, and set the device security mode. |