200-101 · Question #56
Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)
The correct answer is B. CHAP uses a three-way handshake. C. CHAP authentication periodically occurs after link establishment.. CHAP (Challenge Handshake Authentication Protocol) uses a three-way handshake: (1) the authenticator sends a Challenge, (2) the peer responds with an MD5 hash of the challenge plus the shared secret, (3) the authenticator sends an Accept or Reject. This is three steps, not two (t
Question
Exhibit
Options
- ACHAP uses a two-way handshake.
- BCHAP uses a three-way handshake.
- CCHAP authentication periodically occurs after link establishment.
- DCHAP authentication passwords are sent in plaintext.
- ECHAP authentication is performed only upon link establishment.
- FCHAP has no protection from playback attacks.
How the community answered
(52 responses)- B94% (49)
- D4% (2)
- E2% (1)
Explanation
CHAP (Challenge Handshake Authentication Protocol) uses a three-way handshake: (1) the authenticator sends a Challenge, (2) the peer responds with an MD5 hash of the challenge plus the shared secret, (3) the authenticator sends an Accept or Reject. This is three steps, not two (two-way is PAP). CHAP also re-authenticates periodically throughout the life of the link - not just at initial establishment - which makes it harder to hijack an established session. CHAP never sends the password in plaintext; it only transmits the MD5 hash. The random challenge value changes each time, providing protection against replay attacks.
Topics
Community Discussion
No community discussion yet for this question.
