A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users
against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the
second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and
ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

A.
The user’s certificate private key must be installed on the VPN concentrator.

B.
The CA’s certificate private key must be installed on the VPN concentrator.

C.
The user certificate private key must be signed by the CA.

D.
The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN concentrator.

E.
The VPN concentrator’s certificate private key must be installed on the VPN concentrator.

F.
The CA’s certificate public key must be installed on the VPN concentrator.