Which three authentication methods correctly describe digital certificate requirements when using EAP-TLS authentication? (Choose three.)
A. The client does not need the corresponding private key.
B. The EAP-TLS is sent in cleartext when the root certificate is not installed
C. The subject name in the certificate must correspond to the user account name.
D. EAP-TLS requires a root certificate but not a user certificate.
E. The certificate must be installed when the requested user is logged in to the machine.
F. The certificate has to be X.509 Version 3.
Correct answers are CEF
https://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml