Here is a tough one for those preparing for the upcoming CISA exam.

Q). Which of the following is a correct statement about Kerberos?

a) It is a second party authentication system.
b) It depends upon symmetric ciphers.
c) It encrypts data after a ticket is granted, but passwords are
exchanged in plain text.
d) It utilizes public key cryptography.

Answer: The correct answer is "b". Kerberos is a third party authentication system that uses private key (a.k.a symmetric cipher) cryptography. The 'Kerberos' protocol name is based on the three headed dog figure from Greek mythology known as Kerberos. The three heads of Kerberos comprise the Key Distribution Center (KDC), the client user and the server with the desired service to access. For more information on how kerberos works, you can check out these two links here and here.

Related CISA Exam Questions

Data Warehousing & Data Mining
Test Data System Validation
COBIT IT Framework
Third Party Service Providers