Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)
Click on the arrows to vote for the correct answerA. B. C. D. E. F.
PPP (Point-to-Point Protocol) is a data link protocol used to establish a direct connection between two nodes in a network. PPP provides authentication, encryption, and compression for data transmission over serial links. The CHAP (Challenge Handshake Authentication Protocol) is an authentication mechanism used in PPP links to verify the identity of the peer device.
The two true statements about using the CHAP authentication mechanism in a PPP link are:
A. CHAP uses a two-way handshake: When a PPP connection is established, the CHAP authentication process starts. CHAP uses a two-way handshake process to authenticate the peer device. In the first step, the authenticator sends a challenge message to the peer device, which includes a randomly generated value (challenge). In the second step, the peer device responds with a value calculated using the challenge and its secret password. The authenticator then compares the received value with its own calculation of the expected value. If the values match, the authentication is successful.
D. CHAP authentication is performed only upon link establishment: CHAP authentication is performed only upon link establishment. Once the PPP link is established, CHAP authentication is not performed again unless the link is disconnected and reconnected. CHAP authentication is not periodic, which means it does not occur at regular intervals during the PPP session.
The other statements are false:
B. CHAP authentication periodically occurs after link establishment: CHAP authentication does not occur periodically after link establishment. It is only performed once during link establishment.
C. CHAP has no protection from playback attacks: CHAP provides protection against playback attacks by using a randomly generated challenge value for each authentication attempt. This challenge value ensures that each authentication attempt is unique and cannot be replayed.
E. CHAP uses a three-way handshake: CHAP uses a two-way handshake, as explained in statement A.
F. CHAP authentication passwords are sent in plaintext: CHAP authentication passwords are not sent in plaintext. Instead, CHAP uses a one-way hash function to encrypt the password before sending it over the link. This ensures that the password is not easily readable by an attacker who may intercept the PPP traffic.