Term 241
Indicator of compromise
An indicator of compromise is a piece of digital evidence—such as a suspicious file hash, IP address, or unusual network pattern—that suggests a system may have been breached by an attacker.
Acronym study
Terms 241–270 of 514 CS0-003 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 242
Information barriers are policies and technical controls that prevent the unauthorized flow of sensitive information between different parts of an organization to avoid conflicts of interest and ensure compliance.
Term 243
Information protection refers to the policies, procedures, and technologies used to safeguard data from unauthorized access, disclosure, alteration, or destruction.
Term 244
Information security management is the systematic process of developing, implementing, monitoring, and improving policies, procedures, and controls to protect an organization's information assets from threats and ensure confidentiality, integrity, and availability.
Term 245
Infrastructure as code scanning is the automated process of checking infrastructure configuration files for security misconfigurations, compliance violations, and potential vulnerabilities before deployment.
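As an added example (not code from the page or from any real scanner), the check below runs over a constructed CloudFormation template before it is deployed: it flags a security group that exposes SSH/RDP to the whole internet and an S3 bucket with no default encryption or public-access block, and shows the same template with the weak settings corrected. Rule IDs and resource names are made up for illustration; the CloudFormation property names are the real ones.

```python
"""Added example: a minimal infrastructure-as-code scanner over a constructed
CloudFormation template. Not a real scanner; template, rule IDs and names are
constructed for illustration."""
import json

# Constructed "before" template: SSH open to 0.0.0.0/0, bucket with no hardening.
WEAK_TEMPLATE = json.loads("""
{"Resources": {
  "AdminSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "admin access",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
  "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "example-logs"}}
}}
""")

# Constructed "after" template: SSH restricted to RFC 1918 space, bucket encrypted and blocked.
HARDENED_TEMPLATE = json.loads("""
{"Resources": {
  "AdminSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "admin access",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
  "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "BucketName": "example-logs",
    "BucketEncryption": {"ServerSideEncryptionConfiguration": [
      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
    "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true,
                                       "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}}
}}
""")

ADMIN_PORTS = {22, 3389}
ANY_IPV4 = "0.0.0.0/0"
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


def _rule_covers(rule, ports):
    """IpProtocol -1 means every port; otherwise check the From/To range."""
    if str(rule.get("IpProtocol")) == "-1":
        return True
    lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    return any(lo <= p <= hi for p in ports)


def scan_template(template):
    """Return (severity, resource, rule_id, message) for each misconfiguration found."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == ANY_IPV4 and _rule_covers(rule, ADMIN_PORTS):
                    findings.append(("HIGH", name, "SG-ADMIN-OPEN",
                                     f"ports {rule.get('FromPort')}-{rule.get('ToPort')} open to the internet"))
        elif rtype == "AWS::S3::Bucket":
            if "BucketEncryption" not in props:
                findings.append(("MEDIUM", name, "S3-NO-ENCRYPTION", "no default server-side encryption"))
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) is True for k in PAB_KEYS):
                findings.append(("HIGH", name, "S3-PUBLIC-ACCESS-NOT-BLOCKED", "public access block incomplete"))
    return findings


def ci_gate_passes(findings, fail_on=("HIGH",)):
    """What a pipeline step would do with the result: block the deploy on HIGH findings."""
    return all(sev not in fail_on for sev, *_ in findings)


if __name__ == "__main__":
    for label, tpl in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        found = scan_template(tpl)
        print(label, "passes" if ci_gate_passes(found) else "blocked", found)
```

The scanner only reads the rendered template; it knows nothing about what is already deployed, which is exactly why the check belongs in the pipeline before `deploy` rather than after. Real tools also cover IPv6 (`CidrIpv6: "::/0"`) and many more resource types; the structure stays the same.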
Term 246
Inherent risk is the level of risk that exists in a process or system before any security controls or mitigations are applied.
Term 247
Insecure deserialization is an application security vulnerability that occurs when untrusted data is deserialized without validation, allowing an attacker to manipulate application state or, in the worst case, execute arbitrary code.
Term 248
Insider Risk Management is the practice of identifying, assessing, and mitigating threats that originate from within an organization, such as employees, contractors, or partners who have legitimate access to systems and data.
Term 249
An inspector is a tool or role that checks systems, configurations, or data against a set of rules to ensure they are secure and compliant.
Term 250
IOA (Indicator of Attack) is a security concept that focuses on detecting the intent and sequence of actions leading up to a cyber attack, rather than just the artifacts left behind after a breach.
Term 251
IOC stands for Indicator of Compromise, which is forensic evidence that a system has been breached or infected by malware.
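The IOA and IOC entries above describe two detection styles; the added example below (not code from the page) runs both over the same constructed endpoint telemetry. The IOC matcher compares each artifact against a made-up feed of known-bad values (the IP is from a documentation range and the hash is a placeholder, not real threat intelligence). The IOA rule looks at the sequence of actions instead: an Office application spawning a script interpreter that then makes an outbound connection. Host names, event fields and thresholds are assumptions for the example.

```python
"""Added example: static IOC matching beside a behavioural IOA rule.
Both run over constructed telemetry; nothing here is real threat intel
or data from an actual host."""

# Constructed IOC feed (placeholder hash, TEST-NET-3 address, invented domain).
IOC_HASH = "0ab1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1"
IOCS = {
    "sha256": {IOC_HASH},
    "ip": {"203.0.113.45"},
    "domain": {"update-cdn.example"},
}

# Constructed endpoint telemetry: (timestamp_seconds, host, event_type, fields).
EVENTS = [
    (100, "ws01", "process", {"pid": 40, "ppid": 10, "image": "WINWORD.EXE", "sha256": "a" * 64}),
    (101, "ws01", "process", {"pid": 41, "ppid": 40, "image": "powershell.exe", "sha256": "b" * 64,
                              "cmdline": "powershell -nop -w hidden"}),
    (102, "ws01", "network", {"pid": 41, "dst_ip": "198.51.100.7", "dst_port": 443}),
    (200, "ws02", "process", {"pid": 50, "ppid": 1, "image": "svchost.exe", "sha256": IOC_HASH}),
    (300, "ws03", "network", {"pid": 77, "dst_ip": "203.0.113.45", "dst_port": 8080}),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def match_iocs(events, iocs):
    """IOC matching: each artifact is compared with known-bad values.
    It catches ws02 and ws03 but knows nothing about ws01."""
    hits = []
    for _ts, host, kind, f in events:
        if kind == "process" and f.get("sha256") in iocs["sha256"]:
            hits.append((host, "sha256", f["sha256"]))
        elif kind == "network":
            if f.get("dst_ip") in iocs["ip"]:
                hits.append((host, "ip", f["dst_ip"]))
            if f.get("dst_domain") in iocs["domain"]:
                hits.append((host, "domain", f["dst_domain"]))
    return hits


def detect_office_spawned_shell_beaconing(events, window_seconds=60):
    """IOA rule: Office app -> script interpreter -> outbound connection within the window.
    No hash or address is needed, so it fires on ws01 where every artifact is unknown."""
    procs = {}  # (host, pid) -> (start_ts, image, ppid)
    for ts, host, kind, f in events:
        if kind == "process":
            procs[(host, f["pid"])] = (ts, f["image"].lower(), f["ppid"])

    alerts = []
    for ts, host, kind, f in events:
        if kind != "network":
            continue
        child = procs.get((host, f["pid"]))
        if child is None or child[1] not in INTERPRETERS:
            continue
        parent = procs.get((host, child[2]))
        if parent is None or parent[1] not in OFFICE_APPS:
            continue
        if 0 <= ts - child[0] <= window_seconds:
            alerts.append((host, parent[1], child[1], f["dst_ip"]))
    return alerts


if __name__ == "__main__":
    print("IOC hits:", match_iocs(EVENTS, IOCS))
    print("IOA alerts:", detect_office_spawned_shell_beaconing(EVENTS))
```

The two outputs do not overlap: the IOC feed never mentions ws01, and the IOA rule never mentions a hash. In practice both run side by side, with IOC hits driving fast triage and IOA rules covering the activity a feed cannot know about yet.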
Term 252
Isolation is the process of separating a compromised or suspicious system from a network to prevent the spread of malware or unauthorized access.
Term 253
journald is the systemd logging service that collects, stores, and manages system logs on modern Linux distributions, keeping each entry in an indexed binary journal with structured metadata fields (unit, PID, priority, timestamp) that are queried with journalctl.
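To show what "structured log data" buys an analyst, the added example below (not code from the page or from systemd) reads journal entries in the JSON shape that `journalctl -o json` emits and counts failed SSH logins by source address. The lines are constructed for the example, not captured from a real host; the field names (`__REALTIME_TIMESTAMP`, `_HOSTNAME`, `_SYSTEMD_UNIT`, `PRIORITY`, `SYSLOG_IDENTIFIER`, `MESSAGE`) are the ones journald itself uses, with the timestamp in microseconds since the epoch.

```python
"""Added example: parse journald's JSON export and summarise sshd failures.
The input is constructed in the shape of `journalctl -o json` output."""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed entries (documentation-range addresses, not real traffic).
JOURNAL_JSON = """\
{"__REALTIME_TIMESTAMP":"1710000000000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","_PID":"1201","MESSAGE":"Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2"}
{"__REALTIME_TIMESTAMP":"1710000001500000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","_PID":"1203","MESSAGE":"Failed password for root from 198.51.100.23 port 51236 ssh2"}
{"__REALTIME_TIMESTAMP":"1710000002000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"cron.service","PRIORITY":"6","SYSLOG_IDENTIFIER":"CRON","_PID":"900","MESSAGE":"(root) CMD (run-parts /etc/cron.hourly)"}
{"__REALTIME_TIMESTAMP":"1710000003000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","_PID":"1205","MESSAGE":"Failed password for invalid user oracle from 198.51.100.23 port 51240 ssh2"}
{"__REALTIME_TIMESTAMP":"1710000004000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","_PID":"1207","MESSAGE":"Failed password for deploy from 203.0.113.9 port 40022 ssh2"}
{"__REALTIME_TIMESTAMP":"1710000005000000","_HOSTNAME":"bastion","_SYSTEMD_UNIT":"ssh.service","PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","_PID":"1209","MESSAGE":"Accepted publickey for alice from 192.0.2.10 port 50022 ssh2"}
"""

# syslog severity names indexed by the numeric PRIORITY field.
SYSLOG_LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FAILED_LOGIN = re.compile(r"Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")


def parse_journal_json(text):
    """One JSON object per line; timestamps are microsecond strings, so convert to tz-aware datetimes."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        entries.append({
            "ts": datetime.fromtimestamp(int(rec["__REALTIME_TIMESTAMP"]) / 1_000_000, tz=timezone.utc),
            "host": rec.get("_HOSTNAME"),
            "unit": rec.get("_SYSTEMD_UNIT"),
            "level": SYSLOG_LEVELS[int(rec.get("PRIORITY", 6))],
            "ident": rec.get("SYSLOG_IDENTIFIER"),
            "message": rec.get("MESSAGE", ""),
        })
    return entries


def failed_logins_by_ip(entries, unit="ssh.service"):
    """Filter on the structured unit field first, then parse the free-text message."""
    counts = Counter()
    for e in entries:
        if e["unit"] != unit:
            continue
        m = FAILED_LOGIN.match(e["message"])
        if m:
            counts[m.group("ip")] += 1
    return counts


def brute_force_sources(entries, threshold=3):
    """Addresses with at least `threshold` failures (threshold is an assumed tuning value)."""
    return sorted(ip for ip, n in failed_logins_by_ip(entries).items() if n >= threshold)


if __name__ == "__main__":
    parsed = parse_journal_json(JOURNAL_JSON)
    print(failed_logins_by_ip(parsed), brute_force_sources(parsed))
```

Filtering on `_SYSTEMD_UNIT` is the point of the structured format: the unit, PID and host are trusted metadata added by journald, whereas `MESSAGE` is whatever the process wrote and still needs a regex. On a live host the same data comes from `journalctl -u ssh -o json` piped into this parser.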
Term 254
Just-enough access is an identity and access management principle that grants users only the minimum permissions required to perform their specific job tasks, reducing security risks.
Term 255
Just-in-time access is a security method that grants users elevated permissions only for a limited time exactly when they need them, then automatically removes those permissions.
Term 256
A JSON Web Token (JWT) is a compact, URL-safe token that carries a set of claims as a JSON object; it is signed (JWS) and optionally encrypted (JWE) so the recipient can verify the claims have not been altered. A signature gives integrity, not confidentiality: the payload of a signed-only JWT is merely base64url-encoded and readable by anyone who holds the token.
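The added example below (not code from the page or from any JWT library) mints an HS256 token, verifies it, and shows the three rejections a verifier must get right: a tampered payload, an expired token, and a forged header claiming `alg: none`. The key and claims are constructed test values.

```python
"""Added example: HS256 JWT signing and verification with the checks that matter.
Key, claims and helper names are constructed for the example."""
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_bytes(obj):
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def sign_hs256(claims, key):
    """header.payload signed with HMAC-SHA256 over the two base64url segments."""
    signing_input = b64url_encode(_json_bytes({"alg": "HS256", "typ": "JWT"})) + "." + b64url_encode(_json_bytes(claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def peek_claims(token):
    """No key needed: the payload is only encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256(token, key, now=None):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm. Letting header["alg"] choose the verifier is how
    # "alg":"none" and HMAC/RSA key-confusion attacks get in.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison; a plain == leaks timing on the first differing byte.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def verify_outcome(token, key, now=None):
    """("ok", claims) or ("rejected", reason); convenient for showing each failure mode."""
    try:
        return ("ok", verify_hs256(token, key, now))
    except ValueError as exc:
        return ("rejected", str(exc))


def forge_alg_none(claims):
    """What an attacker sends against a verifier that trusts the header: empty signature."""
    return b64url_encode(_json_bytes({"alg": "none"})) + "." + b64url_encode(_json_bytes(claims)) + "."


def tamper_payload(token, new_claims):
    """Keep the original signature, swap the claims (role escalation attempt)."""
    header_b64, _payload, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url_encode(_json_bytes(new_claims))}.{sig_b64}"


if __name__ == "__main__":
    key = b"constructed-test-key"
    tok = sign_hs256({"sub": "alice", "role": "user", "exp": 2000}, key)
    print(peek_claims(tok))
    print(verify_outcome(tok, key, now=1000))
    print(verify_outcome(tamper_payload(tok, {"sub": "alice", "role": "admin"}), key, now=1000))
    print(verify_outcome(forge_alg_none({"sub": "alice", "role": "admin"}), key, now=1000))
```

`peek_claims` works without the key, which is the practical meaning of "not confidential": never put secrets in a signed-only JWT. The `exp` check uses an injectable clock so the expiry path can be exercised deterministically.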
Term 257
Kerberoasting is an attack in which any authenticated domain user requests Kerberos service tickets (TGS) for accounts that have a service principal name; part of each ticket is encrypted with a key derived from that service account's password, so the attacker extracts the tickets and cracks them offline to recover the password and gain unauthorized access.
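Because the ticket requests are legitimate Kerberos traffic, Kerberoasting is detected from the domain controller's Event ID 4769 (service ticket requested) records rather than blocked. The added example below (not code from the page or from any SIEM) applies the usual rule: one principal requesting RC4-encrypted tickets for many distinct service accounts in a short window. The events are constructed, not exported from a real domain; the field names (`TargetUserName`, `ServiceName`, `TicketEncryptionType`, `IpAddress`, `Status`) are those of the 4769 EventData schema, and the window and threshold are assumed tuning values.

```python
"""Added example: Kerberoasting detection over constructed Event ID 4769 records."""
from collections import defaultdict

RC4_HMAC = 0x17  # legacy etype that roasting tools ask for because RC4 tickets crack fastest
AES256 = 0x12

# Constructed events: (epoch_seconds, EventData). Addresses are in the ::ffff: form 4769 uses.
EVENTS_4769 = [
    (1000, {"TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.50", "Status": "0x0"}),
    (1001, {"TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc_web", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.50", "Status": "0x0"}),
    (1002, {"TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc_backup", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.50", "Status": "0x0"}),
    (1003, {"TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc_sharepoint", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.50", "Status": "0x0"}),
    (1004, {"TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc_ci", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.50", "Status": "0x0"}),
    (1004, {"TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "FS01$", "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.50", "Status": "0x0"}),
    (1010, {"TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc_sql", "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.71", "Status": "0x0"}),
    (1020, {"TargetUserName": "mary@CORP.EXAMPLE", "ServiceName": "svc_legacy", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.80", "Status": "0x0"}),
    (1030, {"TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "krbtgt", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.50", "Status": "0x0"}),
]


def is_roastable_service(name):
    """Machine accounts ($) have random passwords and krbtgt is not a target; user-style service accounts are."""
    return not name.endswith("$") and name.lower() != "krbtgt"


def kerberoast_candidates(events, window_seconds=300, min_services=5):
    """(user, ip, services) for each requester that obtained RC4 tickets for at least
    min_services distinct roastable services inside a sliding window of window_seconds."""
    by_requester = defaultdict(list)
    for ts, d in events:
        if d.get("Status") != "0x0" or int(d["TicketEncryptionType"], 16) != RC4_HMAC:
            continue
        if not is_roastable_service(d["ServiceName"]):
            continue
        by_requester[(d["TargetUserName"], d["IpAddress"])].append((ts, d["ServiceName"]))

    findings = []
    for (user, ip), reqs in by_requester.items():
        reqs.sort()
        for i, (start, _svc) in enumerate(reqs):
            in_window = {svc for ts, svc in reqs[i:] if ts - start <= window_seconds}
            if len(in_window) >= min_services:
                findings.append((user, ip, sorted(in_window)))
                break
    return findings


if __name__ == "__main__":
    for user, ip, services in kerberoast_candidates(EVENTS_4769):
        print(f"possible Kerberoasting by {user} from {ip}: {services}")
```

Two caveats a practitioner would add. The RC4 filter is a strong signal only while service accounts still allow RC4; once they are AES-only, tooling requests AES tickets and the rule has to rely on the fan-out alone (drop the etype condition and raise the threshold). And `bob` and `mary` above are the noise the threshold exists for: a single legacy RC4 request is routine, five distinct service accounts in five seconds is not.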
Term 258
A kill chain is a step-by-step model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.
Term 259
Amazon Kinesis is an AWS managed service for real-time data streaming, processing, and analysis at scale.
Term 260
KMS (Key Management Service) is a Microsoft technology that automates volume licensing activation for Windows and Office products within an organization's network.
Term 261
KMS encryption is data encryption backed by a cloud key management service that creates, stores, and controls the cryptographic keys used to encrypt data in the cloud.
Term 262
Kusto Query Language is a powerful read-only query language used to explore, analyze, and visualize large datasets, most notably in Azure Data Explorer and Microsoft Sentinel.
Term 263
Kubernetes RBAC is the authorization mechanism that controls which users, groups, and service accounts may perform which actions (verbs) on which resources in a cluster, using Roles and ClusterRoles that are attached to subjects through RoleBindings and ClusterRoleBindings.
Term 264
Kubernetes security is the practice of protecting containerized applications, the Kubernetes cluster itself, and the underlying infrastructure from unauthorized access, data breaches, and system vulnerabilities.
Term 265
Kusto Query Language (KQL) is a read-only, high-performance query language used to analyze large datasets, especially for log monitoring, security investigations, and operational analytics in Microsoft Azure.
Term 266
Lateral movement is the technique attackers use to move through a network from one compromised system to another, seeking sensitive data or higher privileges.
Term 267
Lessons learned is the process of capturing, analyzing, and documenting knowledge gained from past incidents or projects to improve future security operations and prevent recurrence of problems.
Term 268
Likelihood is the estimated probability that a specific threat will exploit a vulnerability, causing harm to an IT asset or system.
Term 269
Living off the land is an attack technique in which attackers use legitimate tools already present on a system (built-in binaries, scripting engines, administrative utilities) to carry out malicious activity, so it blends in with normal administration and is harder to detect.
Term 270
A Log Analytics workspace is a unique environment in Azure Monitor where log data from various sources is collected, stored, and queried for analysis and reporting.