Exam NSE6_FAC-6.1 topic 1 question 8 discussion

Hvae to correct myself, think it´s B and D. You need an EAP server certificate, and opposite to EAP-TLS, EAP-TTLS only uses server side certificates. EAP-TLS uses also client-side certificates = mutual authentication

https://docs.fortinet.com/document/fortiauthenticator/6.6.0/administration-guide/125951/extensible-authentication-protocol

B & C reference: rfc-editor.org/rfc/rfc5281 reference: globalreachtech.com/why-eap-ttls/

I think it is B and D. EAP-TTLS/PAP uses Cleartext Credentials EAP-TTLS/PAP is a credential-based authentication protocol that was initially designed to make the setup more accessible by requiring only the server to be authenticated, with client authentication being optional. Here, the credentials are delivered over the air in “clear text,” which means they are not encrypted and may be deciphered easily.

B and C. It's mutual authentication but the client isn't using cert auth. EAP-TTLS (or tunneled transport layer security) extends the TLS protocol. It uses digital certificates on the server side only. After the server is securely authenticated to the client, it uses the tunnel (the secure connection) to authenticate the client. P. 381