Kasim is a network technician. He is tasked with deploying a virtual private network (VPN) in his company's IT infrastructure. He wants to place the VPN device where it is directly connected to both the Internet and the internal LAN. He believes that security will not be a concern because the VPN is already encrypted point-to-point. Which of the following is true of this configuration? a) The VPN device itself is still capable of being attacked. b) Without a firewall, an employee on the internal LAN could use the VPN to make an insecure connection to a remote host. c) A VPN has a built-in firewall and is therefore protected from Internet threats. d) This configuration could leave the VPN device vulnerable to social engineering