shieldCISSP Practice Domain 5 — Identity and Access Management (IAM) Q90 of 120

Which scenario is an example of a 'pass-the-ticket' attack?

A CISSP practice question covering Domain 5: Identity and Access Management (IAM). Try answering before reading the explanation below.

▶ Show options & answer

Reusing a captured Kerberos TGT or service ticket on another machine

✓ Correct answer

Replaying a password hash

Forging a JWT

Bruteforcing a PIN

Why "Reusing a captured Kerberos TGT or service ticket on another machine" is the right answer

Pass-the-ticket reuses Kerberos tickets directly. Pass-the-hash reuses NTLM hashes. JWT forgery requires the signing secret. PIN bruteforce attacks the credential itself, not a ticket.

Study videos for this topic

Want to go deeper on Domain 5? Watch the full breakdown — every video is free, no account, no upsell.

CISSP Domain 5: Authentication, MFA & Passkeys

Domain 5 — Identity and Access Management (IAM)

CISSP Domain 5: SSO, SAML, OAuth, OIDC & Kerberos

Domain 5 — Identity and Access Management (IAM)

CISSP Domain 5: DAC, MAC, RBAC, ABAC Explained

Domain 5 — Identity and Access Management (IAM)

CISSP Domain 5: Identity Lifecycle & PAM Explained

Domain 5 — Identity and Access Management (IAM)

Take the full CISSP practice test

120 questions, instant explanations, study-video links on every miss. No account.

Start full test →

Which scenario is an example of a 'pass-the-ticket' attack?

Study videos for this topic

Other practice tests