Which two statements about the EAP-TTLS authentication method are true? (Choose two.)
EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security) is an authentication method that uses digital certificates only on the server side, which securely authenticates the server to the client. This method requires an EAP server certificate. Unlike EAP-TLS, which requires certificates on both the server and client sides, EAP-TTLS facilitates a simpler deployment by eliminating the need for client-side certificates.
B and C. It's mutual authentication but the client isn't using cert auth. EAP-TTLS (or tunneled transport layer security) extends the TLS protocol. It uses digital certificates on the server side only. After the server is securely authenticated to the client, it uses the tunnel (the secure connection) to authenticate the client. P. 381
B & C reference: rfc-editor.org/rfc/rfc5281 reference: globalreachtech.com/why-eap-ttls/
I think it is B and D. EAP-TTLS/PAP uses Cleartext Credentials: EAP-TTLS/PAP is a credential-based authentication protocol that was initially designed to make the setup more accessible by requiring only the server to be authenticated, with client authentication being optional. Here, the credentials are delivered over the air in “clear text,” which means they are not encrypted and may be deciphered easily.
https://docs.fortinet.com/document/fortiauthenticator/6.6.0/administration-guide/125951/extensible-authentication-protocol
Have to correct myself, think it's B and D. You need an EAP server certificate, and unlike EAP-TLS, EAP-TTLS only uses server-side certificates. EAP-TLS also uses client-side certificates = mutual authentication