Acronym study
Terms 181–210 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 181
Defender for Cloud Apps is a Microsoft cloud access security broker (CASB) that helps you discover, protect, and govern your cloud applications and data across multiple cloud environments.
Term 182
Microsoft Defender for Endpoint is a cloud-delivered enterprise security solution designed to protect devices from cyber threats using behavioral analysis, machine learning, and automated investigation.
Term 183
Defender for Identity is a cloud-based security solution that detects, investigates, and responds to advanced identity threats targeting on-premises Active Directory and cloud identities.
Term 184
Microsoft Defender for Office 365 is a cloud-based email security service that protects organizations against advanced threats like phishing, malware, and business email compromise by scanning emails, attachments, and links in real time.
Term 185
Defense in depth is a cybersecurity strategy that uses multiple layers of security controls to protect information and systems, so if one layer fails, another layer is already in place to stop the attack.
Term 186
A denial-of-service (DoS) attack is an attempt to make a computer, network, or online service unavailable to its intended users by overwhelming it with fake traffic or requests.
Term 187
Dependency scanning is the automated process of checking software components for known security vulnerabilities and outdated versions.
Term 188
Detection is the process of identifying potential security incidents or anomalies by analyzing system data, logs, and network traffic.
Term 189
Detection engineering is the practice of designing, building, and refining security monitoring rules and signals to identify malicious activity in an IT environment.
Term 190
A detective control is a security measure that identifies and reports unwanted or suspicious activity after it has already occurred.
Term 191
A deterrent control is a security measure designed to discourage potential attackers from attempting to breach a system or commit a violation, relying on the perceived threat of consequences.
Term 192
Device risk is the chance that a computer, phone, or other endpoint could cause a security problem or data leak because it is not properly managed or protected.
Term 193
DevSecOps is a software development practice that integrates security into every phase of the DevOps lifecycle, making security a shared responsibility from the start.
Term 194
A DHCP pool is a reserved set of IP addresses that a DHCP server can assign to devices on a network automatically when they request a connection.
Term 195
A DHCP server is a network device or service that automatically assigns IP addresses and other network configuration parameters to devices on a network, eliminating the need for manual configuration.
Term 196
DHCP snooping is a network security feature that filters untrusted DHCP messages to prevent rogue DHCP servers from giving out false IP addresses.
Term 197
The Diamond model is a framework for analyzing cybersecurity intrusions by examining four key components: adversary, capability, infrastructure, and victim.
Term 198
A digital identity is the online representation of a person, device, or entity used to authenticate and authorize access to digital resources.
Term 199
Digital Rights Management (DRM) is a set of technologies used to control how digital content like music, movies, ebooks, or software is accessed, copied, or shared.
Term 200
AWS Direct Connect is a cloud service that lets you create a dedicated private network link from your on-premises data center to AWS, bypassing the public internet for more consistent and secure connectivity.
Term 201
Disaster recovery is a set of policies, procedures, and tools that help an organization restore critical IT systems and data after a disruptive event.
Term 202
A Disaster Recovery Plan (DRP) is a documented, structured approach that outlines how an organization can quickly resume critical IT systems and operations after a disruptive event.
Term 203
A disk image is a sector-by-sector copy of an entire storage device, such as a hard drive or SSD, used in incident response to preserve forensic evidence exactly as it existed at a point in time.
Term 204
A distributed denial-of-service (DDoS) attack is a cyberattack where many compromised computers flood a target system with traffic, making it unavailable to legitimate users.
Term 205
Data Loss Prevention (DLP) is a security technology that detects and prevents unauthorised transmission of sensitive data outside an organisation.
Term 206
A DLP policy is a set of rules that an organization uses to prevent sensitive data from being lost, stolen, or accidentally exposed, whether it is in use, in motion, or at rest.
Term 207
A DMZ (demilitarized zone) is a network segment that sits between an internal private network and the public internet, hosting publicly accessible services while keeping the internal network isolated.
Term 208
DNS is the system that translates human-friendly domain names like example.com into machine-readable IP addresses so computers can find each other on a network.
Term 209
A DNS log is a record of all Domain Name System queries and responses that pass through a server, providing a trail of which domains were requested, by whom, and when.
Term 210
DNS over HTTPS is a protocol that sends Domain Name System queries and responses over the encrypted HTTPS protocol to protect user privacy and prevent tampering.