Which protocol provides secure authentication by encrypting credentials before transmission and uses a challenge-response mechanism?

CHAP provides secure authentication by encrypting credentials and implementing a challenge-response mechanism. When a user attempts to authenticate, the server sends a unique challenge to the client. The client encrypts this challenge using a pre-shared secret (e.g., a password) and sends the response back to the server. The server verifies the response by comparing it to its own encryption result. This prevents transmission of the actual password over the network, reducing the risk of interception. Additionally, CHAP periodically reauthenticates during a session, enhancing security against session hijacking. Why Other Options Are Incorrect:

• A) PAP transmits credentials in plaintext, making it highly insecure.
• B) Kerberos uses tickets for authentication and is more complex than CHAP.
• D) OAuth 2.0 is primarily an authorization protocol, not a standalone authentication mechanism.
• E) LDAP facilitates directory services and does not inherently implement challenge-response authentication.