CISSP – Information Systems Security Architecture Professional (ISSAP) — Question 60
Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme? Each correct answer represents a complete solution.
Choose all that apply.
Answer options
- A. Kerberos requires continuous availability of a central server.
- B. Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject's passwords.
- C. Kerberos builds on Asymmetric key cryptography and requires a trusted third party.
- D. Kerberos requires the clocks of the involved hosts to be synchronized.
Correct answer: A, D, B
Explanation
Option A is correct because Kerberos relies on a central Key Distribution Center (KDC) to authenticate users, so that server must remain available. Option D is also correct because ticket validity is checked against timestamps, which makes time synchronization between the involved hosts essential. Option B, while true, is not a complete solution in the context of the question, as it does not pertain to the core functioning of Kerberos but rather to potential vulnerabilities. Option C is incorrect because Kerberos primarily uses symmetric key cryptography, not asymmetric.