nerdexam
(ISC)2

CISSP · Question #122

Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?

The correct answer is B. Do not take unnecessary information, including sensitive information.. When traveling internationally with sensitive data, the best practice is to minimize the data you carry, reducing exposure risk if the device is lost, stolen, or compromised.

Submitted by ravi_2018· Mar 5, 2026Asset Security

Question

Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?

Options

  • AUse a thumb drive to transfer information from a foreign computer.
  • BDo not take unnecessary information, including sensitive information.
  • CConnect the laptop only to well-known networks like the hotel or public Internet cafes.
  • DRequest international points of contact help scan the laptop on arrival to ensure it is protected.

How the community answered

(35 responses)
  • A
    9% (3)
  • B
    71% (25)
  • C
    3% (1)
  • D
    17% (6)

Why each option

When traveling internationally with sensitive data, the best practice is to minimize the data you carry, reducing exposure risk if the device is lost, stolen, or compromised.

AUse a thumb drive to transfer information from a foreign computer.

Using a thumb drive on a foreign computer introduces significant malware and data exfiltration risks, as foreign systems may be compromised or intentionally set up to capture data from inserted media.

BDo not take unnecessary information, including sensitive information.Correct

The principle of data minimization dictates that you should only carry information strictly necessary for the trip. Leaving unnecessary PII behind eliminates the risk of that data being exposed through device theft, border searches, or foreign surveillance, which is a foundational best practice in travel security policies from organizations like NIST and DHS.

CConnect the laptop only to well-known networks like the hotel or public Internet cafes.

Hotel Wi-Fi and public internet cafes are considered high-risk, untrusted networks that are frequent targets for man-in-the-middle attacks, making them unsuitable for handling PII.

DRequest international points of contact help scan the laptop on arrival to ensure it is protected.

Allowing foreign contacts or unknown parties to scan your laptop introduces a potential attack vector, as scanning tools or physical access could be used to install malware or exfiltrate data from the device.

Concept tested: Data minimization best practices for international travel

Source: https://www.cisa.gov/sites/default/files/publications/19_1009_cisa_international-travel-tips.pdf

Topics

#data protection#PII#travel security#data minimization

Community Discussion

No community discussion yet for this question.

Full CISSP Practice