Information Protection Basics

Question 1

Confidence level link to false positive

Answer 1

The lower, the more false positive

Question 2

Three ways to create a custom SIT

Answer 2

1) Regex, function, keyword list or dictionary
2) Document fingerprinting
3) Exact data match

Question 3

Document fingerprinting limitation (5)

Answer 3

Max 50 fingerprints per tenants, password protected files, file that contain only images, files greater than 4MB, dotx files

Question 4

Number of documents to train a classifier

Answer 4

Between 50 and 500

Question 5

Number of documents to test a classifier

Answer 5

200

Question 6

Location where documents for training/testing a trainable classifier need to be

Answer 6

SharePoint Online folder

Question 7

Permission restriction for trainable classifier

Answer 7

Only the user who created the classifier can train and review predictions made by that classifier

Question 8

Timeline for trainable classifier

Answer 8

1) Initiate the training classifier that will start by scanning all the content (7-14 days)
2) Train documents (up to 24h)
3) Testing (up to 10 days)
4) Publish

Question 9

Format limitation of trainable classifier

Answer 9

Encrypted files and name file extensions not supported by SP Online

Question 10

Downstream inheritance of sensitivity labels

Answer 10

When data is used to generate reports, these reports are also protected by the same sensitivity label

Question 11

Capabilities of sensitivity labels (2)

Answer 11

1) Encryption
2) Mark documents (header, footer, watermark)

Question 12

Pre-requisite to start creating sensitivity label policies

Answer 12

Have auditing turned on

Question 13

Where are sensitivity labels published to?

Answer 13

Users and Groups (incl. distribution and mail-enabled Security Groups)

Question 14

Where are retention labels published to?

Answer 14

Locations (OneDrive, SharePoint, Exchange,…)

Question 15

Which portal can you use to enable sensitivity labels for SharePoint and OneDrive?

Answer 15

1) Purview
2) PowerShell

Question 16

What is Purview Information Protection Scanner used for?

Answer 16

To apply labels on-premise (SP librairies/folders and UNC paths)

Question 17

Where is Purview Information Protection Scanner installed and configured?

Answer 17

Installed on Windows Server but configured in the Azure portal

Question 18

Pre-requisite to start applying sensitivity label in SP/Teams

Answer 18

Perform some commands in PowerShell

Question 19

If you apply a sensitivity label to an email with attachement, does the attachment inherit the sensitivity label?

Answer 19

Only if the attachement has a label without encryption but the email has a label that requires encryptions. If the attachement has no label, no label will be applied.

Question 20

What is the difference between the Content Explorer and the Activity Explorer?

Answer 20

The Content Explorer shows the content for each label across locations, while the Activity Explorer shows all activities that were performed e.g., which labels applied and by whom

Question 21

How many days does the Activity Explorer shows history for?

Answer 21

30 days

Question 22

Can you directly turn on an auto-labelling policy?

Answer 22

No, you need to run it in simulation mode first

Question 23

What are the three types of email encryption that Microsoft offers?

Answer 23

(1) Microsoft Purview Message Encryption (old name = OME) (2) Information Right Management (3) S/MIME

Question 24

What are the limitation of Microsoft Purview Message encryption? (2)

Answer 24

.doc, .xls, .ppt and files larger than 25MB.

Question 25

What are the technology supporting Microsoft Purview Message Encryption?

Answer 25

Azure RMS (Right Management) and IRM (Information Right Management)

Question 26

Which email encryption mechanism support external email domain (e.g., gmail)?

Answer 26

Only Purview Encryption and S/MIME

Question 27

Which email encryption mechanism offers more functionalities than just encryption?

Answer 27

IRM and Purview Message Encryption - it is also possible to defined usage restrictions e.g., not possible to print or forward an email

Question 28

Which email encryption mechanism requires the use of keys?

Answer 28

S/MIME - you must have the public key of the recipient

Question 29

What are the limitation of IRM email encryption?

Answer 29

Only internal recipients are allowed.

Question 30

What are the limitations of S/MIME (2)?

Answer 30

It requires managing the key (more complex usage) and it does not allow encrypted messages to be scanned for malware/spam

Question 31

How does BitLocker encryption works (key management)?

Answer 31

Data is encrypted with Full Volume Encryption Key, which is itself encrypted with a Volume Master Key, which is itself protected by a Trusted Platform module.

Question 32

What are the additional functionalities of Advanced Purview Message Encryption? (4)

Answer 32

(1) Message expiration (2) Multiple branding templates (3) Message revocation (4) Encrypted message portal activity logs

Question 33

Where is the expiration time for protected messages being defined?

Answer 33

In the custom branded template

Question 34

Where is the custom branding being created?

Answer 34

In PowerShell or in DLP

Question 35

What is the PowerShell command to create a new branding template?

Answer 35

New-OMEConfiguration