Step 1 – Review the configuration
Sensitivity label name: Contoso Confidential
Scope: Files and emails
Access control:
Encrypts documents/emails.
Permissions assigned to AuthenticatedUsers with Co-Author rights.
Offline access allowed only for 7 days.
Auto-labeling = None (not configured).
Content marking: Footer applied.
Step 2 – Analyze each statement
Statement 1: If a user account is disabled, the user will be immediately prevented from opening a file protected by Contoso Confidential.
Sensitivity labels with encryption enforce Azure AD authentication every time a user tries to access a file.
If the account is disabled in Azure AD, access is blocked immediately.
Answer: Yes
Statement 2: Guest users will be able to open documents protected by Contoso Confidential.
Access control was configured only for AuthenticatedUsers (internal users).
Guest or external users are not included in this group.
Therefore, guest users cannot open the protected documents.
Answer: No
Statement 3: Contoso Confidential will be applied automatically to the files stored in Microsoft SharePoint Online.
Auto-labeling for files and emails = None.
That means labeling must be applied manually by users, not automatically.
Answer: No
Final Verified Answers
If a user account is disabled, the user will be immediately prevented from opening a file protected by Contoso Confidential → Yes
Guest users will be able to open documents protected by Contoso Confidential → No
Contoso Confidential will be applied automatically to the files stored in Microsoft SharePoint Online → No
