An associate of yours configured a PPPoE connection. You have been alerted by a vulnerability tester that by using a sniffer, he was able to learn the connection credentials.

What type of authentication must your associate have configured on the connection?

A. PAP

B. 802.1x
C. CHAP
D. IPsec

Explanation:
The method used must have been Password Authentication Protocol (PAP). This method transmits the credentials in clear text, which makes it a poor choice.

There are only two methods available to authenticate a PPP connection, PAP and Challenge-Handshake Authentication Protocol (CHAP). CHAP never sends the password across the link. Rather, the authenticating end of the connection sends random text and other information to the requester. The requester encrypts this data with its password and sends it back. The authenticating end of the connection reverses the encryption using the same password and compares the result with what was originally sent. If it matches, the authenticating end of the connection is assured that the requesting end knows the password.

The connection could not have used either 802.1x or IPsec, as neither method would transmit the credentials in clear text.

The connection could not have used CHAP. If it had, the credentials could not have been captured with a sniffer.

Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP