Can end users be forced to authenticate by using client certificates and username/password credentials?

Can end users be forced to authenticate by using client certificates and username/password credentials?

A.
Yes, but by manually changing the parameter :IsPasswordWarning to true in the $FWDIR/conf/objects_5_0.C file, to allow for LDAP password remediation; and through the use of multiple-challenge login pages.

B.
No, R71 only supports authentication by client certificates.

C.
Yes, by editing the protection-level settings.

D.
SSL VPN only supports server certificates.