A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company
has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST
be implemented to minimize the risk of data leakage? (Select TWO).

A.
A full-system backup should be implemented to a third-party provider with strong encryption for data in transit.

B.
A DLP gateway should be installed at the company border.

C.
Strong authentication should be implemented via external biometric devices.

D.
Full-tunnel VPN should be required for all network communication.

E.
Full-drive file hashing should be implemented with hashes stored on separate storage.

F.
Split-tunnel VPN should be enforced when transferring sensitive data.