Which EAP (Extensible Authentication Protocol) type is similar to PEAP (Protected Extensible Authentication Protocol) but uses a Protected Access Credential (PAC) instead of a certificate to set up the tunnel?

The correct choice is EAP-FAST (EAP with Flexible Authentication via Secure Tunneling) because it establishes an authenticated tunnel using a Protected Access Credential (PAC) rather than relying on a digital certificate. This mechanism allows for a lightweight and flexible approach to secure authentication, making it suitable for environments where certificate management may be cumbersome or not feasible.

EAP-FAST creates a secure tunnel to protect subsequent authentication exchanges, and using a PAC simplifies the setup compared to protocols that require full public key infrastructure (PKI) for certificate management. This makes EAP-FAST attractive for organizations looking to address scalability and deployment ease while maintaining a high level of security.

Other similar protocols, such as EAP-TTLS and PEAP, use certificates for the establishment of their secure tunnels. EAP-TTLS, while also creating a secure tunnel, relies on a server-side certificate, and PEAP similarly requires server-side certificates and offers user authentication inside a secure tunnel. EAP-TLS, on the other hand, is based on mutual authentication using certificates for both the client and server, which involves more complexity concerning certificate management.