nerdexam
Cisco

200-101 · Question #56

Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)

The correct answer is B. CHAP uses a three-way handshake. C. CHAP authentication periodically occurs after link establishment.. CHAP (Challenge Handshake Authentication Protocol) uses a three-way handshake: (1) the authenticator sends a Challenge, (2) the peer responds with an MD5 hash of the challenge plus the shared secret, (3) the authenticator sends an Accept or Reject. This is three steps, not two (t

Implement Wide-Area Networks

Question

Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)

Exhibit

200-101 question #56 exhibit

Options

  • ACHAP uses a two-way handshake.
  • BCHAP uses a three-way handshake.
  • CCHAP authentication periodically occurs after link establishment.
  • DCHAP authentication passwords are sent in plaintext.
  • ECHAP authentication is performed only upon link establishment.
  • FCHAP has no protection from playback attacks.

How the community answered

(52 responses)
  • B
    94% (49)
  • D
    4% (2)
  • E
    2% (1)

Explanation

CHAP (Challenge Handshake Authentication Protocol) uses a three-way handshake: (1) the authenticator sends a Challenge, (2) the peer responds with an MD5 hash of the challenge plus the shared secret, (3) the authenticator sends an Accept or Reject. This is three steps, not two (two-way is PAP). CHAP also re-authenticates periodically throughout the life of the link - not just at initial establishment - which makes it harder to hijack an established session. CHAP never sends the password in plaintext; it only transmits the MD5 hash. The random challenge value changes each time, providing protection against replay attacks.

Topics

#CHAP#PPP authentication#three-way handshake#security

Community Discussion

No community discussion yet for this question.

Full 200-101 Practice