In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?

A.
Identification

B.
Authorization

C.
Authentication

D.
Multifactor authentication

Explanation:
An authentication ticket, also known as a ticket-granting ticket (TGT), is a small amount of encrypted data
that is issued by a server in the Kerberos authentication model to begin the authentication process. When
the client receives an authentication ticket, the client sends the ticket back to the server along with
additional information verifying the client’s identity. The server then issues a service ticket and a session
key (which includes a form of password), completing the authorization process for that session.
In the Kerberos model, all tickets are time-stamped and have limited lifetimes. This minimizes the danger
that hackers will be able to steal or crack the encrypted data and use it to compromise the system.
Ideally, no authentication ticket remains valid for longer than the time an expert hacker would need to
crack the encryption. Authentication tickets are session-specific, further improving the security of the
system by ensuring that no authentication ticket remains valid after a given session is complete.
Incorrect Answers:
A, B: The Ticket Granting Ticket (TGT) is used for authentication and not for identification or
authorization.
D: Multifactor authentication pools two or more independent credentials:
What the user knows (password)
What the user has (security token)
What the user is (biometric verification).

http://searchenterprisedesktop.techtarget.com/definition/authentication-ticket
http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA