A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a
predefined time interval. Which of the following should the security technician recommend?

A.
CHAP

B.
TOTP

C.
HOTP

D.
PAP

Explanation:
Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. Therefore, the password will only be
valid for a predefined time interval.
Incorrect Answers:
A: The Challenge-Handshake Authentication Protocol (CHAP) is used primarily over dial-up connections to provide a secure transport mechanism for logon
credentials.
C: HMAC-based one-time password (HOTP) tokens are devices that generate passwords based on a nonrepeating one-way function. It is not restricted to time.
D: PAP allows for two entities to share a password in advance and use the password as the basis of authentication. It is not dependant on time.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 282, 283.
http://en.wikipedia.org/wiki/Password_authentication_protocol#Working_cycle