KT-PHY Device theft

An employee's encrypted laptop is stolen from a car; BitLocker was on but the session unlocked. Risk?

Multiple choice — select one answer

Answer choices

  1. a. Fixed automatically when the user changes their desktop wallpaper, without security or identity team coordination per policy.
  2. b. Risk only if the laptop was not registered in the asset inventory spreadsheet, without security or identity team coordination per policy.
  3. c. Data at rest is protected; data in use may be accessible until credentials are rotated
  4. d. No risk because theft of encrypted devices never leads to data disclosure, without security or identity team coordination per policy.

Architectural breakdown & explanation

Encryption helps at rest; unlocked sessions may still expose data and tokens.

Correct answer(s): c. Data at rest is protected; data in use may be accessible until credentials are rotated

Exam domain: Device theft (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Physical Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.