See https://en.wikipedia.org/wiki/Cold_boot_attack

Yes. Also depending on the implementation (ie if it's not an outdated Intel machine) it is presumably also vulnerable to snooping the memory bus while it's running. Note that this active attack applies regardless of encryption and impacts even enterprise SKUs. https://tee.fail/

if you have liquid nitrogen and a memory dumping boot disk, or a memory bus interceptor