CISSP · Question #66
Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
The correct answer is A. Challenge Handshake Authentication Protocol (CHAP). CHAP uses a challenge-response mechanism where a unique random number (nonce) is generated for each authentication session, preventing replay attacks.
Question
Options
- AChallenge Handshake Authentication Protocol (CHAP)
- BPoint-to-Point Protocol (PPP)
- CExtensible Authentication Protocol (EAP)
- DPassword Authentication Protocol (PAP)
How the community answered
(52 responses)- A92% (48)
- B4% (2)
- C2% (1)
- D2% (1)
Why each option
CHAP uses a challenge-response mechanism where a unique random number (nonce) is generated for each authentication session, preventing replay attacks.
CHAP authenticates by having the authenticator send a random challenge value unique to each session; the peer hashes this challenge with its password using MD5, and the result is verified without ever transmitting the password itself. This per-session random challenge prevents replay attacks and ensures credentials cannot be reused across sessions.
PPP is a data link layer encapsulation protocol used to establish direct connections between two nodes, not an authentication protocol itself, though it can carry authentication protocols like CHAP or PAP.
EAP is an authentication framework that supports multiple authentication methods but is not itself a protocol that generates a unique random number per session - it acts as a carrier for other authentication mechanisms.
PAP transmits the username and password in cleartext with no challenge mechanism and no per-session random number, making it vulnerable to replay attacks and eavesdropping.
Concept tested: CHAP challenge-response per-session authentication mechanism
Source: https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-chapms-v2
Topics
Community Discussion
No community discussion yet for this question.