An application service provider has notified customers of a breach resulting from improper configuration changes. In the incident, a server intended for internal
access only was made accessible to external parties. Which of the following configurations were likely to have been improperly modified, resulting in the breach?

A.
NAT

B.
IDS

C.
CRL

D.
VPN