NCTI Field Tech II to III Complete Practice Exam 2025

Shared key authentication is considered insecure primarily because challenge text is sent unprotected. In this authentication scheme, a challenge is issued from one party to another and the response must be generated based on that challenge using the shared secret key. If the challenge text is sent in plaintext without any form of encryption or protection, it becomes vulnerable to interception by attackers.

An attacker monitoring network traffic can easily capture the challenge, which may then allow them to replicate the response needed to authenticate themselves as a legitimate user, thereby gaining unauthorized access. This weakness highlights the importance of protecting all elements of the authentication process, not just the credentials themselves. The other options may reference specific aspects of security but do not address the critical issue of the transmission of unprotected challenge text directly contributing to potential vulnerabilities in shared key authentication.