Kerberos Question

n3tw0rk3r Posts: 17 Member
So I was taking a practice exam and I happened to come across the following question...

Q: Company A deploys Kerberos on the network. What does Kerberos need to function properly? (Choose TWO)

A. Kerberos requires a key distribution center
B. Kerberos requires POP3
C. Kerberos requires extranets
D. Kerberos requires accurate network time
E. Kerberos requires SSL/TLS

Now, the practice exam said the correct answers were B & E. However, I don't think that's right as I have never seen anything relating those two protocols to Kerberos. I would have thought the correct answers would be A and D. Can anyone confirm this for me?

Comments

  • Gholden85 Posts: 10 Member
    Although it is not the most official place to get information from, if you take a look at Kerberos (protocol) - Wikipedia, the free encyclopedia, you can see that from those choices there, the ones you selected are correct. It should be A & D.

    Right under Protocol and the subheading Description it says:

    "The client authenticates itself to the AS which forwards the username to a Key Distribution Center (KDC). The KDC issues a Ticket Granting Ticket (TGT), which is time stamped..."

    Answers B and C are not related to the question.

    Answer E: Towards the end of the document there is a reference to RFC 6251, "Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol", but this seems to be a new application because Kerberos has been deployed since before SSL/TLS existed.
  • Carl_S_901 Posts: 105 Member
    n3tw0rk3r wrote:
    So I was taking a practice exam and I happened to come across the following question...

    Q: Company A deploys Kerberos on the network. What does Kerberos need to function properly? (Choose TWO)

    A. Kerberos requires a key distribution center
    B. Kerberos requires POP3
    C. Kerberos requires extranets
    D. Kerberos requires accurate network time
    E. Kerberos requires SSL/TLS

    Now, the practice exam said the correct answers were B & E. However, I don't think that's right as I have never seen anything relating those two protocols to Kerberos. I would have thought the correct answers would be A and D. Can anyone confirm this for me?


    A & D is the correct answer. I will quote from Darril Gibson's book (Available here: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide):

    Kerberos includes several requirements in order for it to work properly. They are:

    A method of issuing tickets used for authentication. The Key Distribution Center (KDC) uses a complex process of issuing ticket-granting tickets, which are later presented to request tickets used to access objects. These tickets are sometimes referred to as tokens, but they are logical tokens, not a key-fob type of token discussed in the something you have factor of authentication.

    Time synchronization. Kerberos version 5 requires all systems to be synchronized and within five minutes of each other. The clock that provides the time synchronization is used to time-stamp tickets, ensuring they expire correctly. This helps prevent replay attacks. In a replay attack, a third party attempts to impersonate a client after intercepting data captured in a session. However, if an attacker intercepts a ticket, the time stamp limits the amount of time an attacker can use the ticket.

    A database of subjects or users. In a Microsoft environment, this is Active Directory, but it could be any database of users.


    Gibson, Darril (2011-11-10). CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (pp. 28-29). Kindle Edition.
    Carl S.

    Check out my personal certification journey blog
    http://carlscertjourney.wordpress.com/
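
The time-synchronization requirement quoted in the post above, as an added example that is not part of the thread or of Gibson's book: a simplified Python model of the timestamp checks a Kerberos service applies to an incoming request, using the error names from RFC 4120. The class names, the plain (unencrypted) ticket fields, and the sample principal and times are constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_SKEW = 300  # seconds: the five-minute tolerance quoted above

@dataclass
class Ticket:                # simplified; a real ticket is encrypted ASN.1
    client: str
    starttime: int
    endtime: int

@dataclass
class Authenticator:         # built fresh per request, stamped by the client's clock
    client: str
    ctime: int

@dataclass
class Service:
    seen: set = field(default_factory=set)   # replay cache of (client, ctime)

    def check(self, ticket, auth, now):
        # 1. Client and server clocks must agree to within MAX_SKEW.
        if abs(now - auth.ctime) > MAX_SKEW:
            return "KRB_AP_ERR_SKEW"
        # 2. Inside that window, the same authenticator is accepted only once.
        #    Older entries can be dropped: step 1 already rejects them.
        self.seen = {k for k in self.seen if now - k[1] <= MAX_SKEW}
        key = (auth.client, auth.ctime)
        if key in self.seen:
            return "KRB_AP_ERR_REPEAT"
        # 3. The ticket itself must be inside its validity period.
        if ticket.starttime - now > MAX_SKEW:
            return "KRB_AP_ERR_TKT_NYV"
        if now - ticket.endtime > MAX_SKEW:
            return "KRB_AP_ERR_TKT_EXPIRED"
        self.seen.add(key)
        return "OK"

def demo():
    t0, who = 1_700_000_000, "alice@EXAMPLE.COM"   # constructed sample values
    svc = Service()
    tkt = Ticket(who, t0, t0 + 36000)              # constructed 10-hour ticket
    late = t0 + 36000 + 400
    return [
        svc.check(tkt, Authenticator(who, t0 + 10), t0 + 12),    # genuine request
        svc.check(tkt, Authenticator(who, t0 + 10), t0 + 60),    # captured and replayed
        svc.check(tkt, Authenticator(who, t0 + 10), t0 + 400),   # replayed after the window
        svc.check(tkt, Authenticator(who, t0 + 140), t0 + 500),  # client clock 6 minutes slow
        svc.check(tkt, Authenticator(who, late), late),          # ticket reused after expiry
    ]

if __name__ == "__main__":
    print(demo())
```

The fourth case is the operational reason answer D matters: a legitimate client whose clock has drifted past the tolerance is rejected exactly like a stale capture.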
  • Carl_S_901 Posts: 105 Member
    A & D is correct.

    I posted a longer explanation but it is awaiting moderation. (possibly because it had a link in it)

    See that post when it appears. ;)
    Carl S.

    Check out my personal certification journey blog
    http://carlscertjourney.wordpress.com/
  • n3tw0rk3r Posts: 17 Member
    Haha, I look forward to reading it. But thanks for the quick response.