A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN
is currently configured to authenticate VPN users against a backend RADIUS server. New company policies
require a second factor of authentication, and the Information Security Officer has selected PKI as the second
factor. Which of the following should the security administrator configure and implement on the VPN
concentrator to implement the second factor and ensure that no error messages are displayed to the userduring the VPN connection? (Select TWO).

A.
The user’s certificate private key must be installed on the VPN concentrator.

B.
The CA’s certificate private key must be installed on the VPN concentrator.

C.
The user certificate private key must be signed by the CA.

D.
The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN
concentrator.

E.
The VPN concentrator’s certificate private key must be installed on the VPN concentrator.

F.
The CA’s certificate public key must be installed on the VPN concentrator.