Exam SC-400 topic 2 question 16 discussion

D is correct, as others are not solutions,

D is correct, as others are not solutions

A sensitivity label can: Encrypt the document Restrict access to internal users only Automatically apply based on sensitive information types like credit card numbers (when configured with auto-labeling)

B. a sensitivity label, on that label, you can allow permission "to all users in the org" and it will be encrypted to others.

prevent ... from being opened by users outside your company. If it had said prevent from being shared with external users, I would have picked DLP. This question is focused on the function of each technology. Sensitivity Label is what you use to prevent external users from opening files irrespective of how they got the file.

Correct Answer: B. A sensitivity label Reasoning: Sensitivity labels can encrypt documents, control access, and ensure that only internal users are authorized to open sensitive files, such as those containing credit card numbers. This directly addresses the requirement to prevent external users from opening the documents while allowing internal users to do so.

Only D makes Sense

Using a sensitivity label you can assign access only for internal users and groups using the built-in SIT for creditcard

Here the question has mention "You need to protect documents that contain credit card numbers "FROM BEING OPENED" by users outside your company." So, it is not asking to restrict sharing, hence, DLP can't be the answer. This can only be done using a Sensitive label > Add CCN as SIT > Include All users in your org. So, wherever the file resides, or travels, only internal users can access the document. And that's the reason organization applies encryption and access control. So, answer is B.

I would rather go with Sensitivity label, because of opening the file by outsiders. But it requires Auto-labeling and the sensitivity label needs to encrypt the file

The questions says you need to "protect documents that contain credit card numbers from being opened by users outside your company". It does not say that you need to "prevent documents that contain credit card numbers from shared with users outside your company". Prevention is done with DLP. Protection is done with sensitivity labels. The answer is B.

DLP for sure- allows you to define rules that detect sensitive information like credit card numbers and then restrict access or actions based on those rules

D is correct, just tested it, you can secure credit card numbers by using a PICE Data Security Standard template. Everything in 1 single policy.

A DLP policy will detect content, but a sensitivty label applies protection to the document

perhaps B ? https://learn.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide

To protect documents from being opened by user outisde the organization you need a DLP policy.

why "sensitivity label" isn't an option in this case? if you configure your label to encrypt files and apply permissions to view only to members of your organization it would work, once the question is about to "prevent to be OPENED by people outside your org". if the file is labeled this way it can't be opened.