The correct answer is Susceptible to both physical tampering and malicious software infections.

Kerberos Ticket Granting Service and authentication servers function as key distribution centers and they store long lived secret keys for many principals. Because they hold those secrets they are high value targets and are therefore vulnerable to attackers who can gain physical access and to attackers who can install or run malicious software on them.

Physical tampering can allow an attacker to extract keys or firmware and bypass protections by accessing hardware directly. Malicious software infections can capture keys from memory, alter authentication logic, or exfiltrate credentials over the network. Both attack classes can lead to full compromise of the authentication service.

Susceptible only to attacks from malicious software is incorrect because it ignores the serious risk from physical access and hardware compromise which can give direct access to stored keys.

Susceptible to credential guessing and offline password cracking attacks is incorrect because those attacks target user passwords or captured hashes and are not the primary risks to a server that centrally stores long term keys. The server is more at risk from direct compromise through tampering or malware than from simple guessing attacks against individual credentials.

Susceptible only to physical tampering is incorrect because it overlooks the real threat posed by malware which can remotely extract keys or subvert the authentication process without any physical access.

Full AWS Practitioner Certification Question