A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from
leaking outside of the corporate network. The company has already implemented full-disk encryption and has
disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be
implemented to minimize the risk of data leakage? (Select TWO).
A.
A full-system backup should be implemented to a third-party provider with strong encryption for data in
transit.
B.
A DLP gateway should be installed at the company border.
C.
Strong authentication should be implemented via external biometric devices.
D.
Full-tunnel VPN should be required for all network communication.
E.
Full-drive file hashing should be implemented with hashes stored on separate storage.
F.
Split-tunnel VPN should be enforced when transferring sensitive data.