
SSCP Question #912: Real Exam Question with Answer & Explanation

The correct answer is B: The initial authentication steps are done using public key algorithm.

Submitted by anna_se · Apr 18, 2026 · Access Controls

Question

Which of the following is NOT true of the Kerberos protocol?

Options

  • A. Only a single login is required per session.
  • B. The initial authentication steps are done using public key algorithm.
  • C. The KDC is aware of all systems in the network and is trusted by all of them
  • D. It performs mutual authentication

Explanation

Option B is false because core Kerberos uses symmetric (secret-key) cryptography throughout, including the initial Authentication Service exchange. The client and KDC share a long-term secret key derived from the user's password. Public key cryptography only enters Kerberos via the optional PKINIT extension. The other statements are all true: Kerberos requires only a single logon per session (A), the KDC is trusted by all network entities (C), and it performs mutual authentication, meaning both client and server verify each other's identity (D).

Topics

#Kerberos #Authentication #Symmetric Cryptography #Access Control Protocols
