A security administrator is tasked with implementing two-factor authentication for the company
VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS
server. New company policies require a second factor of authentication, and the Information
Security Officer has selected PKI as the second factor. Which of the following should the security
administrator configure and implement on the VPN concentrator to implement the second factor
and ensure that no error messages are displayed to the user during the VPN connection? (Select
TWO).

A.
The user’s certificate private key must be installed on the VPN concentrator.

B.
The CA’s certificate private key must be installed on the VPN concentrator.

C.
The user certificate private key must be signed by the CA.

D.
The VPN concentrator’s certificate private key must be signed by the CA and installed on the
VPN concentrator.

E.
The VPN concentrator’s certificate private key must be installed on the VPN concentrator.

F.
The CA’s certificate public key must be installed on the VPN concentrator.