|Exam 200-120||Question id=57||WAN Technologies|
Which statements about using the CHAP authentication mechanism in a PPP are true?
CHAP uses a two-way handshake.|
CHAP uses a three-way handshake.|
CHAP authentication periodically occurs after link establishment.|
CHAP authentication passwords are sent in plaintext.|
CHAP authentication is performed only upon link establishment.|
CHAP has no protection from playback attacks.|
CHAP is defined as a one-way authentication method. However, you use CHAP in both directions to create a two-way authentication. Hence, with two-way CHAP, a separate three-way handshake is initiated by each side. In the Cisco CHAP implementation, by default, the called party must authenticate the calling party (unless authentication is completely turned off). Therefore, a one-way authentication initiated by the called party is the minimum possible authentication. However, the calling party can also verify the identity of the called party, and this results in a two-way authentication. One-way authentication is often required when you connect to non-Cisco devices.