CompTIA Security+ (SY0-501) — Question 872

An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it. The site administrator previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks. Which of the following should the administrator implement?

Answer options

• A. NTLMv2
• B. TACACS+
• C. Kerberos
• D. Shibboleth

Correct answer: C

Explanation

Kerberos is the correct choice because it uses strong encryption and requires mutual authentication, making it more resistant to replay attacks compared to NTLM. NTLMv2, while an improvement over NTLM, still does not provide the same level of security. TACACS+ is primarily used for network device access, and Shibboleth is focused on single sign-on and federated identity management, which do not directly address the issue at hand.