312-50V11 · Question #206
What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
The correct answer is B. Encrypt the data on the hard drive.. Full-disk encryption is the only control that prevents an attacker from accessing data on a stolen laptop, regardless of hardware or OS-level bypasses.
Question
What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
Options
- ASet a BIOS password
- BEncrypt the data on the hard drive.
- CUse a strong logon password to the operating system.
- DBack up everything on the laptop and store the backup in a safe place.
How the community answered
(31 responses)- A6% (2)
- B90% (28)
- D3% (1)
Why each option
Full-disk encryption is the only control that prevents an attacker from accessing data on a stolen laptop, regardless of hardware or OS-level bypasses.
A BIOS password prevents unauthorized booting from the device but can be bypassed by removing the hard drive and reading it directly on another system.
Encrypting the hard drive with full-disk encryption (e.g., BitLocker or similar) renders stored data unreadable without the decryption key, even if the attacker removes the drive and mounts it on another machine. This protection persists independently of any OS-level or BIOS-level controls, which can be circumvented through physical access. It is the most effective control for data-at-rest protection on a stolen endpoint.
An OS logon password can be circumvented by booting from external media or mounting the drive on a different operating system.
Backing up data protects against data loss but does nothing to prevent the attacker from reading the data still present on the stolen laptop.
Concept tested: Full-disk encryption for data-at-rest protection
Source: https://csrc.nist.gov/publications/detail/sp/800-111/final
Topics
Community Discussion
No community discussion yet for this question.