In Kerberos, what token is issued to an authenticated account to allow access to authorized application servers?

• A. Ticket Granting Ticket (TGT)
• B. Service Ticket (ST)
• C. Kerberos Token
• D. Access Ticket

Answer: (A)

In Kerberos, the token that grants access to a specific application server is the Service Ticket. Here’s how it fits into the flow: after the user proves their identity to the Authentication Service and receives a Ticket Granting Ticket, they can request access to a particular service by presenting that TGT to the Ticket Granting Service. The TGS then issues a Service Ticket for the target server. The client presents this Service Ticket to the application server to gain access. The Service Ticket is encrypted for that server, contains the user’s identity and a session key, and has a limited lifetime, ensuring the server can verify who the client is and establish a secure session. The Ticket Granting Ticket isn’t used directly to access services; it’s just the credential used to obtain those service tickets. The other options don’t correspond to the standard Kerberos mechanism for accessing application servers.