Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)

Which two statements about using the CHAP authentication mechanism in a PPP link are true? (Choose two.)
A . CHAP uses a two-way handshake.
B . CHAP uses a three-way handshake.
C . CHAP authentication periodically occurs after link establishment.
D . CHAP authentication passwords are sent in plaintext.
E . CHAP authentication is performed only upon link establishment.
F . CHAP has no protection from playback attacks.

View Answer

Answer: B, C

Explanation:

Understanding and Configuring PPP CHAP Authentication

http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml

One-Way and Two-Way Authentication

CHAP is defined as a one-way authentication method.

However, you use CHAP in both directions to create a two-way authentication. Hence, with two-way CHAP, a separate three-way handshake is initiated by each side. In the Cisco CHAP implementation, by default, the called party must authenticate the calling party (unless authentication is completely turned off). Therefore, a one-way authentication initiated by the called party is the minimum possible authentication.

However, the calling party can also verify the identity of the called party, and this results in a two-way authentication.

One-way authentication is often required when you connect to non-Cisco devices.