
ISC2 SSCP Exam - Topic 4 Question 102 Discussion

Actual exam question for ISC2's SSCP exam
Question #: 102
Topic #: 4

Kerberos is vulnerable to replay in which of the following circumstances?

Suggested Answer: C

Replay can be accomplished on Kerberos if the compromised tickets are used within an allotted time window.

The security depends on careful implementation: enforcing limited lifetimes for authentication credentials minimizes the threat of replayed credentials, the KDC must be physically secured, and it should be hardened, not permitting any non-Kerberos activities.


Official ISC2 Guide to the CISSP, 2007 Edition, page 184

Also see:

KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 42.
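
The time-window behaviour in the explanation above, as an added example (not from the original page or the cited guides): a simplified Python model of a service's acceptance checks, showing that a captured ticket and authenticator are accepted a second time inside the window unless the service keeps a replay cache, and that limited lifetimes bound the exposure. The class names, the 300-second skew and the sample timestamps are assumptions made for the example.

```python
from dataclasses import dataclass

CLOCK_SKEW = 300  # seconds of tolerated clock skew (assumed value for this example)

@dataclass(frozen=True)
class Ticket:            # only the fields the time checks need
    client: str
    start: int
    end: int

@dataclass(frozen=True)
class Authenticator:     # timestamped proof sent alongside the ticket
    client: str
    ctime: int

class Service:
    def __init__(self, replay_cache: bool):
        self.replay_cache = replay_cache
        self.seen = {}   # (client, ctime) -> last second the entry can still match

    def accept(self, t: Ticket, a: Authenticator, now: int) -> str:
        if a.client != t.client:
            return "reject: principal mismatch"
        if not (t.start - CLOCK_SKEW <= now <= t.end + CLOCK_SKEW):
            return "reject: ticket outside lifetime"
        if abs(now - a.ctime) > CLOCK_SKEW:
            return "reject: authenticator outside skew window"
        if self.replay_cache:
            # Drop entries the skew check would already refuse.
            self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
            key = (a.client, a.ctime)
            if key in self.seen:
                return "reject: replay"
            self.seen[key] = a.ctime + CLOCK_SKEW
        return "accept"

def demo() -> dict:
    # Constructed sample: a 10-minute ticket and one captured authenticator.
    t, a = Ticket("alice", 1000, 1600), Authenticator("alice", 1010)
    no_cache, cached = Service(False), Service(True)
    return {
        "no_cache": [no_cache.accept(t, a, 1012), no_cache.accept(t, a, 1100)],
        "cached": [cached.accept(t, a, 1012), cached.accept(t, a, 1100)],
        "stale_authenticator": cached.accept(t, a, 1311),
        "expired_ticket": cached.accept(t, Authenticator("alice", 1901), 1901),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```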

Dahlia
2 months ago
D is a possibility too, but I lean towards C.
upvoted 0 times
...
Lenna
2 months ago
Wait, are we sure about C? Seems too easy.
upvoted 0 times
...
Maryann
2 months ago
It's definitely C, tickets are key in Kerberos!
upvoted 0 times
...
Antione
3 months ago
Public keys aren't the issue here, so B is out.
upvoted 0 times
...
Viva
3 months ago
I thought it was A at first, but C makes more sense.
upvoted 0 times
...
Howard
3 months ago
I feel like I read that the KSD isn't usually a factor in replay attacks, so I would lean towards C as the answer.
upvoted 0 times
...
Melina
3 months ago
I’m a bit confused. I thought replay attacks could happen with private keys as well. Is it A or C?
upvoted 0 times
...
Elly
4 months ago
I remember practicing a question similar to this, and I think it was about compromised tickets too. C sounds right to me.
upvoted 0 times
...
Johana
4 months ago
I think replay attacks are mostly about ticket vulnerabilities, so maybe it's C? But I'm not entirely sure.
upvoted 0 times
...
Latia
4 months ago
I think the key here is understanding how Kerberos works and the different components that could be compromised. Based on that, I'm going to go with C - when a ticket is compromised within an allotted time window.
upvoted 0 times
...
Paris
4 months ago
I'm a little confused by this question. I know Kerberos is vulnerable to replay attacks, but I'm not sure I fully understand the different ways that could happen. I'll have to review my notes and try to reason through this.
upvoted 0 times
...
Claudia
4 months ago
Okay, let me see. I remember from the lectures that Kerberos uses tickets to authenticate users, so I'm guessing the answer has something to do with those tickets being compromised. I'll go with C.
upvoted 0 times
...
Coletta
5 months ago
Hmm, I'm a bit unsure about this one. I know Kerberos is vulnerable to replay attacks, but I'm not sure which specific circumstance the question is asking about. I'll have to think this through carefully.
upvoted 0 times
...
Anisha
5 months ago
This one seems pretty straightforward. I think the answer is C - when a ticket is compromised within an allotted time window.
upvoted 0 times
...
Cecilia
8 months ago
I think Reiko might be right, because if the private key is compromised, it could lead to replay attacks.
upvoted 0 times
...
Reiko
8 months ago
I'm not sure, but I think it could also be A) When a private key is compromised within an allotted time window.
upvoted 0 times
...
Iraida
9 months ago
I agree with Tamar, because the ticket is what is used for authentication in Kerberos.
upvoted 0 times
...
Tamar
9 months ago
I think the answer is C) When a ticket is compromised within an allotted time window.
upvoted 0 times
...
Gerald
9 months ago
Fear not, fellow candidates! I, Gerald, shall guide you to the promised land of Kerberos security. The answer, of course, is C. Tickets are the Achilles' heel of this mighty authentication protocol.
upvoted 0 times
Azalee
8 months ago
D) When the KSD is compromised within an allotted time window.
upvoted 0 times
...
Catarina
8 months ago
C) When a ticket is compromised within an allotted time window.
upvoted 0 times
...
Percy
9 months ago
B) When a public key is compromised within an allotted time window.
upvoted 0 times
...
Isaac
9 months ago
A) When a private key is compromised within an allotted time window.
upvoted 0 times
...
...
Sylvie
9 months ago
Ah, the age-old Kerberos dilemma. If only we could all be as secure as a Kerberos ticket, am I right? C is the answer, no doubt about it.
upvoted 0 times
...
Frederic
9 months ago
C is the way to go, folks. Kerberos may be secure, but even it can't escape the dreaded ticket compromise. Time to brush up on my Kerberos trivia!
upvoted 0 times
...
Noel
10 months ago
Hmm, I was going to say D, but now I'm not so sure. Gotta love these Kerberos questions, they really keep you on your toes!
upvoted 0 times
Zona
9 months ago
I think it's C too, replay attacks can be tricky to spot.
upvoted 0 times
...
Quentin
9 months ago
C) When a ticket is compromised within an allotted time window.
upvoted 0 times
...
Sabra
9 months ago
A) When a private key is compromised within an allotted time window.
upvoted 0 times
...
...
Kenneth
10 months ago
I think the answer is C. A ticket being compromised within a certain time window is the vulnerability that Kerberos is susceptible to.
upvoted 0 times
Oneida
8 months ago
I'm not sure, but I think it's D. The KSD being compromised within the time window seems like a vulnerability.
upvoted 0 times
...
Louvenia
9 months ago
Actually, I think it's A. A compromised private key within the time window is the vulnerability.
upvoted 0 times
...
Polly
9 months ago
I agree, the answer is C. A compromised ticket within the time window is the vulnerability.
upvoted 0 times
...
...
