A network administrator needs to implement an authentication system for an internal network. A key security requirement is to prevent user passwords from being sent over the network after the initial login. Instead, the system must issue temporary, encrypted tokens from a trusted central service that grant access to various network resources. Which of the following authentication protocols would best meet this requirement?
Kerberos is the correct choice as it is specifically designed to use a trusted third-party, the Key Distribution Center (KDC), which includes a Ticket-Granting Service (TGS), to provide secure access to resources. It avoids transmitting passwords over the network by using a system of encrypted tickets. DirectAccess is a Microsoft remote access technology, not primarily a ticket-based authentication protocol for internal resources. "Simple Sign-On" is a distractor that sounds like Single Sign-On (SSO), which is a capability, not a specific ticket-granting protocol itself. "Network Access Token" is not a standard, recognized authentication protocol.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does the ticket-granting process in Kerberos work?
Open an interactive chat with Bash
Why is Kerberos considered secure against eavesdropping and replay attacks?
Open an interactive chat with Bash
What is the role of the Key Distribution Center (KDC) in Kerberos?