nerdexam
(ISC)2

CISSP · Question #66

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

The correct answer is A. Challenge Handshake Authentication Protocol (CHAP). CHAP uses a challenge-response mechanism where a unique random number (nonce) is generated for each authentication session, preventing replay attacks.

Submitted by naveen.iyer· Mar 5, 2026Identity and Access Management

Question

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

Options

  • AChallenge Handshake Authentication Protocol (CHAP)
  • BPoint-to-Point Protocol (PPP)
  • CExtensible Authentication Protocol (EAP)
  • DPassword Authentication Protocol (PAP)

How the community answered

(52 responses)
  • A
    92% (48)
  • B
    4% (2)
  • C
    2% (1)
  • D
    2% (1)

Why each option

CHAP uses a challenge-response mechanism where a unique random number (nonce) is generated for each authentication session, preventing replay attacks.

AChallenge Handshake Authentication Protocol (CHAP)Correct

CHAP authenticates by having the authenticator send a random challenge value unique to each session; the peer hashes this challenge with its password using MD5, and the result is verified without ever transmitting the password itself. This per-session random challenge prevents replay attacks and ensures credentials cannot be reused across sessions.

BPoint-to-Point Protocol (PPP)

PPP is a data link layer encapsulation protocol used to establish direct connections between two nodes, not an authentication protocol itself, though it can carry authentication protocols like CHAP or PAP.

CExtensible Authentication Protocol (EAP)

EAP is an authentication framework that supports multiple authentication methods but is not itself a protocol that generates a unique random number per session - it acts as a carrier for other authentication mechanisms.

DPassword Authentication Protocol (PAP)

PAP transmits the username and password in cleartext with no challenge mechanism and no per-session random number, making it vulnerable to replay attacks and eavesdropping.

Concept tested: CHAP challenge-response per-session authentication mechanism

Source: https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-chapms-v2

Topics

#authentication protocols#CHAP#replay attacks

Community Discussion

No community discussion yet for this question.

Full CISSP Practice