Step 1 – Review what’s configured
Labels: Public, General, Confidential, Internal, External.
Also shown in policy: Confidential/Internal and Confidential/External.
Policy setting: Users must provide justification to remove a label or lower its classification.
Confidential/External → encrypts content when applied.
Step 2 – Analyze each statement
Statement 1: The Internal sensitivity label inherits all the settings from the Confidential label.
Sub-labels (e.g., Confidential/Internal, Confidential/External) do not inherit settings from the parent.
They are independent labels grouped under a parent for organization, but each sub-label must have its own protection settings defined.
Answer: No
Statement 2: Users must provide justification if they change the label of content from Confidential/Internal to Confidential/External.
The policy requires justification only when removing a label or downgrading classification (lowering).
Changing between two sub-labels of the same parent (Confidential/Internal → Confidential/External) is considered a lateral move (not a downgrade).
Answer: No
Statement 3: Content that has the Confidential/External label applied will retain the encryption settings if the sensitivity label is removed from the label policy.
If a label is removed from a published policy, content already labeled retains its protection settings (such as encryption).
The label metadata stays applied to the file/email, even if unpublished.
Answer: Yes
Submit