| Exam 200-120 | Question id=57 | WAN Technologies |
Which statements about using the CHAP authentication mechanism in a PPP are true?
| A. |
CHAP uses a two-way handshake. | |
| B. |
CHAP uses a three-way handshake. | |
| C. |
CHAP authentication periodically occurs after link establishment. | |
| D. |
CHAP authentication passwords are sent in plaintext. | |
| E. |
CHAP authentication is performed only upon link establishment. | |
| F. |
CHAP has no protection from playback attacks. |
CHAP is defined as a one-way authentication method. However, you use CHAP in both directions to create a two-way authentication. Hence, with two-way CHAP, a separate three-way handshake is initiated by each side. In the Cisco CHAP implementation, by default, the called party must authenticate the calling party (unless authentication is completely turned off). Therefore, a one-way authentication initiated by the called party is the minimum possible authentication. However, the calling party can also verify the identity of the called party, and this results in a two-way authentication. One-way authentication is often required when you connect to non-Cisco devices.