shieldCISSP Practice Domain 5 — Identity and Access Management (IAM) Q26 of 120

Which protocol uses tickets and a Key Distribution Center (KDC) to authenticate users to network services?

A CISSP practice question covering Domain 5: Identity and Access Management (IAM). Try answering before reading the explanation below.

▶ Show options & answer

SAML

Kerberos

✓ Correct answer

RADIUS

OAuth 2.0

Why "Kerberos" is the right answer

Kerberos uses a KDC (issuing TGTs and service tickets) and is the default authentication protocol for Windows Active Directory. SAML is browser-SSO via XML assertions. RADIUS is AAA for network access. OAuth 2.0 is delegated authorization, not direct user authentication.

Study videos for this topic

Want to go deeper on Domain 5? Watch the full breakdown — every video is free, no account, no upsell.

CISSP Domain 5: Authentication, MFA & Passkeys

Domain 5 — Identity and Access Management (IAM)

CISSP Domain 5: SSO, SAML, OAuth, OIDC & Kerberos

Domain 5 — Identity and Access Management (IAM)

CISSP Domain 5: DAC, MAC, RBAC, ABAC Explained

Domain 5 — Identity and Access Management (IAM)

CISSP Domain 5: Identity Lifecycle & PAM Explained

Domain 5 — Identity and Access Management (IAM)

Take the full CISSP practice test

120 questions, instant explanations, study-video links on every miss. No account.

Start full test →

Which protocol uses tickets and a Key Distribution Center (KDC) to authenticate users to network services?

Study videos for this topic

Other practice tests