Which of the following EAP protocols is primarily developed for third generation (3G) mobile networks?

A.
EAP-TTLS

B.
EAP-FAST

C.
EAP-AKA

D.
EAP-SIM

Explanation:
EAP-Authentication and Key Agreement (EAP-AKA) is primarily developed for third generation (3G) mobile networks. Extensible Authentication Protocol Method for UMTS Authentication and Key Agreement, or EAP-AKA, is an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution using the Universal Mobile Telecommunications System (UMTS) Subscriber Identity Module (USIM).
Answer option D is incorrect. EAP-Subscriber Identity Module (EAP-SIM) is primarily developed for second generation (2G) mobile networks.
Answer option B is incorrect. EAP-FAST (Flexible Authentication via Secure Tunneling) is a protocol proposal by Cisco Systems as a replacement for LEAP. The protocol was designed to address the weaknesses of LEAP while preserving the “lightweight” implementation. Use of server certificates is optional in EAP-FAST. EAP-FAST uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client credentials are verified.

Answer option A is incorrect. EAP-Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extends TLS. It is widely supported across platforms; although there is no native OS support for this EAP protocol in Microsoft Windows, it requires the installation of small extra programs such as SecureW2. EAP-TTLS offers very good security. The client can but does not have to be authenticated via a CA-signed PKI certificate to the server. This greatly simplifies the setup procedure, as a certificate does not need to be installed on every client. After the server is securely authenticated to the client via its CA certificate and optionally the client to the server, the server can then use the established secure connection (“tunnel”) to authenticate the client.