SY0-501 Question #5: Real Exam Question with Answer & Explanation
The correct answer is B: Kerberos services.
Question
A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?
Options
- A. LDAP services
- B. Kerberos services
- C. NTLM services
- D. CHAP services
Explanation
Kerberos is the correct choice because it is specifically designed to provide mutual authentication (both the client and server verify each other's identity) and supports delegation (allowing a service to act on behalf of a user to access other services), making it ideal for securing authentication servers in enterprise environments.
Why the others are wrong:
- LDAP (A) is a directory services protocol used to query and manage directory information (like user accounts), not primarily an authentication mechanism with mutual auth or delegation capabilities.
- NTLM (C) is an older Microsoft challenge-response authentication protocol that does not support mutual authentication or delegation efficiently, and is considered less secure than Kerberos.
- CHAP (D) is a point-to-point authentication protocol that uses a challenge-response method to verify identity, but it lacks mutual authentication and has no delegation capability.
Memory Tip: Think of Kerberos as the "three-headed dog" (from Greek mythology) - one head for the client, one for the server, and one for the KDC (Key Distribution Center) - all three must work together, which naturally enforces mutual trust (authentication) and delegation. If you see both terms together on an exam, Kerberos is almost always the answer.