Module 2 Overview
Module 2 of 3
Data Protection
Apply DLP Controls to Prevent Data Loss
Alex now understands where sensitive data lives, how it moves, and which exposures represent the highest risk. Visibility alone does not reduce risk. Protection requires enforcing controls that prevent data from leaving authorized boundaries. In this module, Alex transitions from observation to action — building detection logic, applying enforcement policies, and testing those policies through realistic user behavior.
Confirm Tenant Switch
You should now be logged into the Lab Tenant (Tenant 2). This is a clean environment with no active DLP policies. You will build them from scratch.
Module Objectives
| Question | Capability |
|---|---|
| What defines sensitive data? | DLP Dictionaries |
| How is sensitive data detected? | DLP Engines |
| How is data protected during network transfer? | Inline Web DLP |
| How is data protected on the device? | Endpoint DLP |
| How is data protected inside the browser? | Browser DLP |
Labs in This Module
5
Build Detection Logic — Dictionaries & Engines
How do we define and detect sensitive data?
6
Inline DLP — Web Upload Control
How do we stop data leaving via the network?
7
Endpoint DLP — USB Device Control
How do we protect data on user devices?
8
Browser DLP — AI Tools & Web Forms
How do we protect data submitted through the browser?