If I understand correctly

WPA2 has two parts

Authentication and encryption

If I use WPA2 enterprise with RADIUS server and certificates

The authentication part would take place within an encrypted (TLS or other) session

And data session will be encrypted with say AES.

Questions

• •1. Is the above correct?
  
• •2. Is the whole session between wireless device and AP encrypted and unhackable?
  
• •3. When using WPA2 personal (PSK), is the session also encrypted with AES?