nerdexam
(ISC)2

CISSP-ISSAP · Question #65

Which of the following uses a Key Distribution Center (KDC) to authenticate a principle?

The correct answer is C. Kerberos. Kerberos is the only protocol among these options that uses a Key Distribution Center (KDC) - a trusted third party that issues tickets (TGTs and service tickets) to authenticate users and services without transmitting passwords over the network. PAP (Password Authentication Prot

Identity and Access Management (IAM) Architecture

Question

Which of the following uses a Key Distribution Center (KDC) to authenticate a principle?

Options

  • ACHAP
  • BPAP
  • CKerberos
  • DTACACS

How the community answered

(37 responses)
  • A
    3% (1)
  • B
    5% (2)
  • C
    89% (33)
  • D
    3% (1)

Explanation

Kerberos is the only protocol among these options that uses a Key Distribution Center (KDC) - a trusted third party that issues tickets (TGTs and service tickets) to authenticate users and services without transmitting passwords over the network. PAP (Password Authentication Protocol) sends credentials in plaintext and has no third-party involvement, making it both insecure and KDC-free. CHAP (Challenge Handshake Authentication Protocol) uses a challenge-response mechanism with shared secrets but operates peer-to-peer without a central key authority. TACACS (Terminal Access Controller Access-Control System) is an AAA framework used for device administration that relies on a centralized server, but it is not KDC-based and does not use the ticket-granting model.

Memory tip: Think "Kerberos = KDC" - both start with K. Kerberos was literally named after the three-headed dog guarding the underworld, and its three "heads" map nicely to the three KDC components: the Authentication Server (AS), Ticket Granting Server (TGS), and the client/service.

Topics

#Kerberos#Key Distribution Center#Authentication Protocols#Identity Authentication

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice