One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?

A.
File level encryption with alphanumeric passwords

B.
Biometric authentication and cloud storage

C.
Whole disk encryption with two-factor authentication

D.
BIOS passwords and two-factor authentication

Explanation:
Whole-disk encryption only provides reasonable protection when the system is fully powered off. to make the most of the defensive strength of whole-disk
encryption, a long, complex passphrase should be used to unlock the system on bootup. Combining whole-disk encryption with two factor authentication would
further increase protection.
Incorrect Answers:
A: configuring file level encryption with alphanumeric passwords would still allow thieves access to the system, and time to crack the password.
B: Biometric authentication and cloud storage would work, but the question requires a basic solution.
D: BIOS passwords are easily removed by removing the CMOS battery, allowing a thief to power up the laptop. Once powered on, the thief can crack passwords at
their leisure.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 252, 282.
https://www.technibble.com/how-to-bypass-or-remove-a-bios-password/