(ISC)2

SSCP · Question #896

SSCP Question #896: Real Exam Question with Answer & Explanation

The correct answer is C: When a ticket is compromised within an allotted time window.

Submitted by yousef_jo · Apr 18, 2026 · Access Controls

Question

Kerberos is vulnerable to replay in which of the following circumstances?

Options

  • A. When a private key is compromised within an allotted time window.
  • B. When a public key is compromised within an allotted time window.
  • C. When a ticket is compromised within an allotted time window.
  • D. When the KSD is compromised within an allotted time window.

Explanation

Kerberos mitigates replay attacks through short-lived tickets with timestamps and a defined validity window (typically 5–10 minutes). However, if an attacker captures a valid Kerberos ticket and replays it before it expires (within the allotted time window), the authentication server may accept it as legitimate. Once the ticket expires, the replay is rejected. Kerberos uses symmetric (secret) keys - not private/public keys - so options A and B are incorrect. 'KSD' is not a standard Kerberos component, making D incorrect.

Topics

#Kerberos #Authentication Protocols #Replay Attacks #Vulnerabilities
