Home » Cisco » 200-101 » Which two statements about using the CHAP authentication mechanism in a PPP link are true?
Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)
A. CHAP uses a two-way handshake.
B. CHAP uses a three-way handshake.
C. CHAP authentication periodically occurs after link establishment.
D. CHAP authentication passwords are sent in plaintext.
E. CHAP authentication is performed only upon link establishment.
F. CHAP has no protection from playback attacks.
Correct Answer: BC
Explanation/Reference:
Explanation:
Understanding and Configuring PPP CHAP Authentication http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml
One-Way and Two-Way Authentication
CHAP is defined as a one-way authentication method. However, you use CHAP in both directions to create a two-way authentication. Hence, with twoway CHAP, a separate three-way handshake is initiated by each side. In the Cisco CHAP implementation, by default, the called party must authenticate the calling party (unless authentication is completely turned off). Therefore, a one-way authentication initiated by the called party is the minimum possible authentication. However, the calling party can also verify the identity of the called party, and this results in a two-way authentication.
One-way authentication is often required when you connect to non-Cisco devices.
why – C. CHAP authentication periodically occurs after link establishment??
Yes it does, unlike PAP which authenticates only at the of the session