LAB 4.6-C Tier 1: In-Browser Obj 4.6 · intermediate · ~15min

DLP Policy Configuration

Configure data loss prevention rules for an organization’s data classification scheme, then test your ruleset against realistic scenarios. Balance security against business function — overly aggressive rules block critical workflows, while gaps leak sensitive data.

What You’ll Practice

  • Building a DLP ruleset across four categories: content patterns, data labels, endpoint controls, and network controls
  • Choosing appropriate enforcement actions (Block, Encrypt, Log, Allow) based on data sensitivity and business context
  • Evaluating your configuration against test scenarios that expose false negatives (data leaks) and false positives (blocked business)
  • Understanding the tradeoff between aggressive security policies and operational friction

How the Exam Tests This

Objective 4.6 covers modifying enterprise capabilities to enhance security, including DLP as a key control. CompTIA tests whether you can identify appropriate DLP configurations for specific data types (PII, PHI, PCI), understand content inspection patterns, and recognize when DLP rules need refinement. Expect scenario-based questions where a DLP rule either fails to catch sensitive data or blocks a legitimate business process.

Scoring

Your DLP configuration is tested against 8 realistic scenarios. Each is scored as correct action, false negative (data leaked that should have been blocked), or false positive (legitimate business blocked). Final score reflects both your detection rate and your false positive rate — perfect security that breaks the business isn’t the answer.
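The scoring described above, as an added example that is not part of the lab: a constructed five-rule policy run against four constructed scenarios. The rules, the "strictest matching action wins" evaluation, and the strictness ordering used to separate a false negative from a false positive are assumptions, not the lab's own logic.

```python
import re

# Assumed ordering of the four enforcement actions, least to most restrictive.
STRICTNESS = {"Allow": 0, "Log": 1, "Encrypt": 2, "Block": 3}

# Constructed ruleset covering the four rule categories: (name, matcher, action).
RULES = [
    ("content: SSN", lambda e: re.search(r"\b\d{3}-\d{2}-\d{4}\b", e["body"]), "Block"),
    # Deliberately naive: only matches 16 contiguous digits.
    ("content: card number", lambda e: re.search(r"\b\d{16}\b", e["body"]), "Block"),
    ("label: Confidential by email",
     lambda e: e["label"] == "Confidential" and e["channel"] == "email", "Encrypt"),
    # Deliberately aggressive: blocks every removable-media write.
    ("endpoint: any USB write", lambda e: e["channel"] == "usb", "Block"),
    ("network: web upload", lambda e: e["channel"] == "web_upload", "Log"),
]

def decide(event):
    """Return the strictest action among matching rules; Allow if none match."""
    hits = [action for _, match, action in RULES if match(event)]
    return max(hits, key=STRICTNESS.get, default="Allow")

def score(scenarios):
    """Map scenario name -> (action taken, correct | false_negative | false_positive)."""
    results = {}
    for name, event, expected in scenarios:
        got = decide(event)
        if got == expected:
            verdict = "correct"
        elif STRICTNESS[got] < STRICTNESS[expected]:
            verdict = "false_negative"   # weaker than required: data leaks
        else:
            verdict = "false_positive"   # stronger than required: business blocked
        results[name] = (got, verdict)
    return results

# Constructed test scenarios: (name, event, expected action).
SCENARIOS = [
    ("hr-ssn-email", {"channel": "email", "label": "Internal", "body": "SSN 123-45-6789"}, "Block"),
    ("contract-to-counsel", {"channel": "email", "label": "Confidential", "body": "draft agreement"}, "Encrypt"),
    ("spaced-card-upload", {"channel": "web_upload", "label": "Internal", "body": "card 4111 1111 1111 1111"}, "Block"),
    ("brochure-to-usb", {"channel": "usb", "label": "Public", "body": "trade show brochure"}, "Allow"),
]

if __name__ == "__main__":
    for name, (got, verdict) in score(SCENARIOS).items():
        print(f"{name:22} {got:8} {verdict}")
```

The spaced card number slips past the contiguous-digit pattern and is only logged (false negative), while the blanket USB rule blocks a Public brochure (false positive); tightening the first pattern and scoping the second by data label fixes both.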

MISSION

Configure a DLP policy for a real organization, then watch it get tested against realistic scenarios.

Too permissive and data leaks. Too aggressive and business grinds to a halt. Find the balance.

HOW IT WORKS

Phase 1: Enable and configure DLP rules across content patterns, data labels, endpoint controls, and network controls.

Phase 2: 8 test scenarios run through your ruleset. See where your config catches threats and where it fails — or blocks legitimate business.

RULE CATEGORIES

CONTENT PATTERNS
DATA LABELS
ENDPOINT CONTROLS
NETWORK CONTROLS
Randomized organization scenario · 14 rules · 8 test events · ~15 minutes