CISSP-ISSAP · Question #65
Which of the following uses a Key Distribution Center (KDC) to authenticate a principle?
The correct answer is C. Kerberos. Kerberos is the only protocol among these options that uses a Key Distribution Center (KDC) - a trusted third party that issues tickets (TGTs and service tickets) to authenticate users and services without transmitting passwords over the network. PAP (Password Authentication Prot
Question
Which of the following uses a Key Distribution Center (KDC) to authenticate a principle?
Options
- ACHAP
- BPAP
- CKerberos
- DTACACS
How the community answered
(37 responses)- A3% (1)
- B5% (2)
- C89% (33)
- D3% (1)
Explanation
Kerberos is the only protocol among these options that uses a Key Distribution Center (KDC) - a trusted third party that issues tickets (TGTs and service tickets) to authenticate users and services without transmitting passwords over the network. PAP (Password Authentication Protocol) sends credentials in plaintext and has no third-party involvement, making it both insecure and KDC-free. CHAP (Challenge Handshake Authentication Protocol) uses a challenge-response mechanism with shared secrets but operates peer-to-peer without a central key authority. TACACS (Terminal Access Controller Access-Control System) is an AAA framework used for device administration that relies on a centralized server, but it is not KDC-based and does not use the ticket-granting model.
Memory tip: Think "Kerberos = KDC" - both start with K. Kerberos was literally named after the three-headed dog guarding the underworld, and its three "heads" map nicely to the three KDC components: the Authentication Server (AS), Ticket Granting Server (TGS), and the client/service.
Topics
Community Discussion
No community discussion yet for this question.