Knowledge Check
You have completed all 9 labs across three modules. These questions are designed to test cross-lab understanding โ connections between labs, architectural principles, and the reasoning behind design decisions that span the full Dataparity data security lifecycle.
Use this section as a group discussion rather than an individual quiz. The best answers will draw on multiple labs simultaneously. Allow 10 minutes and encourage attendees to reference the lab guide if needed โ the goal is synthesis, not memorization.
Module 1 โ Visibilityโ
Q1. In Labs 1โ4, Alex observed Dataparity's environment without enforcing any blocking policies. Why is it important to start with visibility before enforcement โ and what risk does skipping this step create?
Q2. Lab 3 (DSPM) showed sensitive data at rest across SaaS, cloud storage, and endpoints. Lab 4 (Copilot Readiness) used the same data map to assess AI exposure risk. What is the connection between DSPM and Copilot Readiness โ and why does one depend on the other?
Q3. Instance Discovery in Lab 1 distinguishes between corporate and personal instances of the same application (e.g., corporate Google Drive vs. personal Google Drive). Why does this matter for a DLP policy โ and what would happen if you blocked the application rather than the personal instance?
Module 2 โ Protectionโ
Q4. A single DLP engine โ DP Project Code โ was built in Lab 5 and reused across Labs 6, 7, and 8 without reconfiguration. What is the architectural advantage of this approach, and what would the alternative (per-channel engines) cost operationally?
Q5. Kevin attempted data exfiltration three times across Module 2. Complete the table:
| Attempt | Lab | Channel | What stopped it | Why proxy alone couldn't |
|---|---|---|---|---|
| Browser upload to 4shared.com | Lab 6 | |||
| Copy/paste to Notepad++ | Lab 7 | |||
| Paste into ChatGPT prompt | Lab 8 |
Q6. Lab 6 used Inline Web DLP and Lab 7 used Endpoint DLP โ both blocked Kevin. But the logs appeared in different places (Web Insights vs. Endpoint DLP Insights). Where do both streams eventually converge for a SOC analyst, and in which lab did you see this?
Q7. Browser DLP in Lab 8 requires a Chrome extension. What does this mean for coverage when employees use Firefox, Edge, or Safari โ and which of the other two DLP layers (Inline or Endpoint) would provide coverage for those browsers?
Q8. Lab 7's Clipboard rule was scoped to Notepad++ (Windows) as the destination application. A colleague suggests changing the destination to Any to maximize protection. What is the trade-off of setting destination to Any โ and under what circumstances would you keep it scoped to a specific application?
Module 3 โ Investigationโ
Q9. In Lab 9, the State Changes audit trail showed that the originating user was automatically notified before any analyst touched the incident. Which Workflow Template produced this behavior โ and how does this change the SOC analyst's role from reactive to supervisory?
Q10. Priya filtered the incident queue by Source DLP Type = Inline + Endpoint. If she had also included SaaS Security in the filter, what additional incident types would she expect to see โ and which module's labs would have generated them?
Cross-Lab Synthesisโ
Q11. The lab guide follows a single narrative thread: one fictional company (Dataparity), one sensitive file (the payroll/customer records document), three personas, and nine labs. Trace the file's journey:
- Which labs does it appear in?
- Which persona interacts with it in each lab?
- What control stops it at each stage?
Q12. Zscaler's data security architecture is described as three complementary layers โ Inline Web DLP, Endpoint DLP, and Browser DLP. A customer asks: "If I deploy all three, am I fully protected?" Based on what you observed across Labs 6, 7, and 8, what would you say โ and what gaps, if any, remain?
- Q5 is the highest-value question โ work through it as a group on the whiteboard if time permits. The completed table is the clearest summary of the entire Module 2 narrative.
- Q11 surfaces the narrative thread explicitly โ many attendees will not have consciously tracked the file across labs. This is a good moment to reinforce the lab's design intent.
- Q12 is intentionally open-ended. Acceptable gaps to surface: mobile devices, unmanaged endpoints without the ZCC agent, non-Chrome browsers without the Browser DLP extension, encrypted traffic from non-inspectable applications.