Kerberos Question

n3tw0rk3r

So I was taking a practice exam and I happened to come across the following question...

Q: Company A deploys Kerberos on the network. What does Kerberos need to function properly? (Choose TWO)

A. Kerberos requires a key distribution center
B. Kerberos requires POP3
C. Kerberos requires extranets
D. Kerberos requires accurate network time
E. Kerberos requires SSL/TLS

Now, the practice exam said the correct answers were B & E. However, I don't think that's right as I have never seen anything relating those two protocols to Kerberos. I would have thought the correct answers would be A and D. Can anyone confirm this for me?

Gholden85

Although not the most official place to get information from, but if you take a look at Kerberos (protocol) - Wikipedia, the free encyclopedia you can see that from those choices there, the ones you selected are correct. It should be A & D.

Right under Protocol and the subheading Description it says:

" The client authenticates itself to the AS which forwards the username to a Key Distribution Center (KDC). The KDC issues a Ticket Granting Ticket (TGT), which is time stamped..."

Answer B and C are not related to the questions.

Answer E: Towards the end of the document there is a reference to an RFC 6251 "Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol", but this seems a new application because Kerberos has been deployed since before SSL/TLS existed.

Carl_S_901

n3tw0rk3r wrote: »

So I was taking a practice exam and I happened to come across the following question...

Q: Company A deploys Kerberos on the network. What does Kerberos need to function properly? (Choose TWO)

A. Kerberos requires a key distribution center
B. Kerberos requires POP3
C. Kerberos requires extranets
D. Kerberos requires accurate network time
E. Kerberos requires SSL/TLS

Now, the practice exam said the correct answers were B & E. However, I don't think that's right as I have never seen anything relating those two protocols to Kerberos. I would have thought the correct answers would be A and D. Can anyone confirm this for me?

A & D is the correct answer. I will quite from Darril Gibson's book (Available here: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide):

Gibson, Darril (2011-11-10). CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (pp. 28-29) wrote:

Kerberos includes several requirements in order for it to work properly. They are:

A method of issuing tickets used for authentication. The Key Distribution Center (KDC) uses a complex process of issuing ticket-granting tickets, which are later presented to request tickets used to access objects. These tickets are sometimes referred to as tokens, but they are logical tokens, not a key-fob type of token discussed in the something you have factor of authentication.

Time synchronization. Kerberos version 5 requires all systems to be synchronized and within five minutes of each other. The clock that provides the time synchronization is used to time-stamp tickets, ensuring they expire correctly. This helps prevent replay attacks. In a replay attack, a third party attempts to impersonate a client after intercepting data captured in a session. However, if an attacker intercepts a ticket, the time stamp limits the amount of time an attacker can use the ticket.

A database of subjects or users. In a Microsoft environment, this is Active Directory, but it could be any database of users.


Gibson, Darril (2011-11-10). CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (pp. 28-29). . Kindle Edition.

Carl_S_901

A & D is correct.

I posted a longer explanation but it is awaiting moderation. (possibly because it had a link in it)

See that post when it appears.

n3tw0rk3r

Haha, I look forward to reading it. But thanks for the quick response.