Which two statements about using the CHAP authentication mechanism in a PPP link are true?
(Choose two.)
A.
CHAP uses a two-way handshake.
B.
CHAP uses a three-way handshake.
C.
CHAP authentication periodically occurs after link establishment.
D.
CHAP authentication passwords are sent in plaintext.
E.
CHAP authentication is performed only upon link establishment.
F.
CHAP has no protection from playback attacks.
Explanation:
Understanding and Configuring PPP CHAP Authentication
http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml
One-Way and Two-Way Authentication CHAP is defined as a one-way authentication method.
However, you use CHAP in both directions to create a two-way authentication. Hence, with two-way
CHAP, a separate three-way handshake is initiated by each side. In the Cisco CHAP implementation,
by default, the called party must authenticate the calling party (unless authentication is completely
turned off). Therefore, a one-way authentication initiated by the called party is the minimum
possible authentication. However, the calling party can also verify the identity of the called party,
and this results in a two-way authentication. One-way authentication is often required when you
connect to non-Cisco devices.