CISSP Question #122: Real Exam Question with Answer & Explanation
The correct answer is B: Do not take unnecessary information, including sensitive information. When traveling internationally with sensitive data, the best practice is to minimize the data you carry, reducing exposure risk if the device is lost, stolen, or compromised.
Question
Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
Options
- A. Use a thumb drive to transfer information from a foreign computer.
- B. Do not take unnecessary information, including sensitive information.
- C. Connect the laptop only to well-known networks like the hotel or public Internet cafes.
- D. Request international points of contact help scan the laptop on arrival to ensure it is protected.
Explanation
When traveling internationally with sensitive data, the best practice is to minimize the data you carry, reducing exposure risk if the device is lost, stolen, or compromised.
Common mistakes.
- A. Using a thumb drive on a foreign computer introduces significant malware and data exfiltration risks, as foreign systems may be compromised or intentionally set up to capture data from inserted media.
- C. Hotel Wi-Fi and public internet cafes are considered high-risk, untrusted networks that are frequent targets for man-in-the-middle attacks, making them unsuitable for handling PII.
- D. Allowing foreign contacts or unknown parties to scan your laptop introduces a potential attack vector, as scanning tools or physical access could be used to install malware or exfiltrate data from the device.
Concept tested. Data minimization best practices for international travel
Reference. https://www.cisa.gov/sites/default/files/publications/19_1009_cisa_international-travel-tips.pdf