SCRAM is a password-based authentication mechanism that MongoDB 3.0 uses as its default authentication protocol, replacing MONGODB-CR. It uses a challenge-response protocol to protect against replay attacks and adds further security mechanisms against other types of attacks, such as eavesdropping, database compromise, and malicious servers. The client opens the exchange by sending an initial message containing a username and a random nonce; the server responds with a salt, an iteration count, and a combined nonce. The client then computes a proof using the stored key and the authentication message, and the server verifies this proof to confirm the client's identity. SCRAM relies on a hash-based message authentication code (HMAC) and a key derivation function for secure password storage and verification. This design is what justifies its use for protecting against these types of attacks and ensuring secure authentication.
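The exchange summarised above, as an added example that is not MongoDB's code: a generic RFC 5802 SCRAM computation showing both the client's proof and the server's check. It assumes SHA-1 as the hash, no channel binding, and ASCII-only credentials; the function names are illustrative, and the sample username, password, salt and nonces are the RFC 5802 test vector.

```python
import base64, hashlib, hmac

def hmac_sha1(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def derive_keys(password, salt, iterations):
    """Return (ClientKey, StoredKey, ServerKey) derived from the password."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = hmac_sha1(salted, b"Client Key")
    return client_key, hashlib.sha1(client_key).digest(), hmac_sha1(salted, b"Server Key")

def auth_message(user, client_nonce, server_nonce, salt, iterations):
    """Concatenate the three messages that both sides sign."""
    combined = client_nonce + server_nonce
    client_first = f"n={user},r={client_nonce}"
    server_first = f"r={combined},s={base64.b64encode(salt).decode()},i={iterations}"
    client_final = f"c=biws,r={combined}"  # "biws" = base64("n,,"): no channel binding
    return f"{client_first},{server_first},{client_final}".encode()

def client_proof(password, salt, iterations, auth_msg):
    """Client side: ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key, stored_key, _ = derive_keys(password, salt, iterations)
    return xor(client_key, hmac_sha1(stored_key, auth_msg))

def server_verify(stored_key, proof, auth_msg):
    """Server side: holds only StoredKey; recovers ClientKey from the proof."""
    candidate = xor(proof, hmac_sha1(stored_key, auth_msg))
    return hmac.compare_digest(hashlib.sha1(candidate).digest(), stored_key)

# Constructed sample input: the RFC 5802 test vector.
USER, PASSWORD, ITERATIONS = "user", "pencil", 4096
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
C_NONCE, S_NONCE = "fyko+d2lbbFgONRv9qkxdawL", "3rfcNHYJY1ZVvWVs7j"

if __name__ == "__main__":
    _, stored_key, server_key = derive_keys(PASSWORD, SALT, ITERATIONS)  # server's record
    msg = auth_message(USER, C_NONCE, S_NONCE, SALT, ITERATIONS)
    proof = client_proof(PASSWORD, SALT, ITERATIONS, msg)
    print("client proof    :", base64.b64encode(proof).decode())
    print("server accepts  :", server_verify(stored_key, proof, msg))
    # Server proves it knows ServerKey, so the client can detect a malicious server.
    print("server signature:", base64.b64encode(hmac_sha1(server_key, msg)).decode())
    # Replay: the same proof against a session with a fresh server nonce is rejected.
    fresh = auth_message(USER, C_NONCE, "constructedFreshNonce", SALT, ITERATIONS)
    print("replay accepted :", server_verify(stored_key, proof, fresh))
```

The server's record holds only StoredKey and ServerKey, so a dump of that record does not directly yield a value that passes `server_verify`; the proof must come from ClientKey, which is one hash preimage away from StoredKey.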