Which of the following authentication methods prevents authentication replay?
A.
Password hash implementation
B.
Challenge/response mechanism
C.
Wired Equivalent Privacy (WEP) encryption usage
D.
HTTP Basic Authentication
Explanation:
A challenge •response mechanism prevents replay attacks by sending a different random
challenge in each authentication event. The response is linked to that challenge. Therefore,
capturing the authentication handshake and replaying it through the network will not work. Using
hashes by itself will not prevent a replay. A WEP key will not prevent sniffing (it just takes a few
more minutes to break the WEP key if the attacker does not already have it) and therefore will not
be able to prevent recording and replaying an authentication handshake. HTTP Basic
Authentication is clear text and has no mechanisms to prevent replay.