
SSCP Question #158: Real Exam Question with Answer & Explanation

The correct answer is C: both physical attacks and attacks from malicious code.

Submitted by jaden.t · Apr 18, 2026 · Systems and Application Security

Question

Because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to:

Options

  • A. neither physical attacks nor attacks from malicious code.
  • B. physical attacks only
  • C. both physical attacks and attacks from malicious code.
  • D. physical attacks but not attacks from malicious code.

Explanation

The Kerberos Key Distribution Center (KDC) - which includes the Authentication Server (AS) and the Ticket-Granting Server (TGS) - stores the secret keys for all principals and performs all authentication decisions. Because these servers are the central trust anchor of the entire Kerberos realm, they represent a high-value single point of attack. They are vulnerable to physical attacks (an attacker gaining physical access could steal keys or clone the hardware) and to malicious code attacks (malware, rootkits, or insider threats could extract keys or forge tickets from the running system). Both attack surfaces must be protected.

Topics

#Kerberos #Server Security #Authentication Systems Security #Attack Vectors
