Which of the following statements pertaining to using Kerberos without any extension is FALSE?
A.
A client can be impersonated by password-guessing.
B.
Kerberos is mostly a third-party authentication protocol.
C.
Kerberos uses public key cryptography.
D.
Kerberos provides robust authentication.
Explanation:
Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT.
Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a
client requires services.
Because a client’s password is used in the initiation of the Kerberos request for the service protocol, password
guessing can be used to impersonate a client.
Kerberos does not use public key cryptography (asymmetric); it uses symmetric key cryptography.
Incorrect Answers:
A: It is true that a client can be impersonated by password-guessing.
B: It is true that Kerberos is mostly a third-party authentication protocol.
D: It is true that Kerberos provides robust authentication.Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 64
http://www.ietf.org/rfc/rfc4556txt