Microsoft Cybersecurity Architect — Question 35

You have a Microsoft 365 tenant that uses Microsoft SharePoint Online and Microsoft Purview. Microsoft Purview has a sensitivity

label named Label1 that is applied to the files stored on SharePoint Online sites.

You need to recommend a Microsoft Purview Data Loss Prevention (DLP) policy that meets the following requirements:

• Prevents users from uploading the files to third-party external websites
• Allows users to upload the files to Microsoft OneDrive for Business

To which location should you apply the DLP policy?

Answer options

• A. Devices
• B. OneDrive accounts
• C. SharePoint sites
• D. Microsoft Defender for Cloud Apps

Correct answer: D

Explanation

The correct answer is D, Microsoft Defender for Cloud Apps, because it provides the necessary controls to enforce DLP policies for cloud applications and can prevent users from uploading files to unauthorized external sites while allowing uploads to OneDrive for Business. The other options do not provide the same level of integration and control over third-party interactions and cloud application policies.