Which authentication protocol is well suited to untrusted networks and encrypts authentication traffic by default?

Study for the CCST Cybersecurity Test with flashcards and multiple choice questions. Each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which authentication protocol is well suited to untrusted networks and encrypts authentication traffic by default?

Explanation:
Kerberos uses a ticket-based system with a trusted Key Distribution Center (KDC), which makes it well suited for untrusted networks. When you log in, you don’t send your password over the network after the initial step. Instead, you obtain a ticket-granting ticket from the KDC, and then use that to request service tickets for the resources you need. These tickets, and the messages that carry them, are encrypted with session keys derived from shared secrets, so authentication traffic is protected by encryption by default. This means credentials are never exposed in transit and the tickets have limited lifetimes, reducing the risk from eavesdropping or replay. Time synchronization is also used to prevent replay attacks. By contrast, the other options focus on either authorization or federation and rely on TLS or other mechanisms for security, rather than providing the built-in ticket-based, end-to-end encrypted authentication flow that Kerberos offers.

