Acronym study
Terms 151–180 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 151
Kubernetes security is the practice of protecting containerized applications, the Kubernetes cluster itself, and the underlying infrastructure from unauthorized access, data breaches, and system vulnerabilities.
Term 152
LDAP is a protocol used to access and manage directory information over a network, such as user accounts and permissions.
Term 153
A legal requirement is a mandatory rule or standard set by law or regulation that an organization must follow, often concerning data protection, privacy, or security practices.
Term 154
MAC (Media Access Control) is a unique hardware identifier assigned to network interfaces for communication on a local network segment.
Term 155
Malware is any software intentionally designed to cause damage, disrupt operations, steal data, or gain unauthorized access to computer systems.
Term 156
Malware analysis is the process of examining malicious software to understand its behavior, origin, and impact, enabling defenders to detect, contain, and prevent future attacks.
Term 157
Malware symptoms are the observable signs on a computer or network that indicate a malicious program may have infected the system, such as slow performance, unexpected pop-ups, or unusual network activity.
Term 158
Mandatory vacation is a security control that requires employees to take a consecutive period of leave so that any unauthorized activities or irregularities in their work can be detected by others.
Term 159
Maximum tolerable downtime (MTD) is the total amount of time a business process or system can be unavailable before causing irreparable harm to the organization.
Term 160
A meeting policy is a set of rules and configurations that control how online meetings are created, joined, and conducted within a collaboration platform.
Term 161
A messaging policy is a set of rules that govern how an organization's email and instant messaging systems handle, route, secure, and retain messages to ensure compliance, security, and operational efficiency.
Term 162
Multi-Factor Authentication (MFA) is a security method that requires a user to verify their identity using two or more different types of evidence, such as a password plus a code from a phone, before they can access an account or system.
Term 163
Microsoft Defender XDR is a unified security platform that automatically correlates alerts from across an organization's endpoints, email, identities, and cloud apps to stop complex attacks.
Term 164
MTD (Maximum Tolerable Downtime) is the longest period a business can function without a specific system or service before the damage becomes unacceptable.
Term 165
Multilevel security is a computer security approach that allows users with different clearance levels to access data at different classification levels on the same system, while preventing unauthorized access.
Term 166
Network Access Control (NAC) is a security technology that enforces policies to control which devices and users can connect to a network.
Term 167
Need to know is a security principle that restricts access to information or resources only to individuals who require that access to perform their job duties.
Term 168
Network security is the practice of protecting a computer network from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, ensuring the confidentiality, integrity, and availability of data and resources.
Term 169
A Network Security Group is a set of rules that controls inbound and outbound traffic to Azure resources like virtual machines and subnets.
Term 170
The NIST Cybersecurity Framework is a set of voluntary guidelines, standards, and best practices created by the National Institute of Standards and Technology to help organizations manage and reduce cybersecurity risk.
Term 171
OAuth is an open standard for access delegation that allows users to grant third-party applications limited access to their resources without sharing their credentials.
Term 172
Origin access control is a security mechanism that restricts access to a network, system, or resource based on the verified identity or attributes of the requesting entity.
Term 173
The OSI model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven distinct layers, from physical hardware to application software.
Term 174
A set of rules designed to enhance computer security by encouraging users to create strong, secure passwords and store them properly.
Term 175
The Payment Card Industry Data Security Standard is a set of security requirements designed to protect credit card data during storage, processing, and transmission.
Term 176
Penetration testing is a simulated cyberattack on a computer system, network, or application to find security weaknesses before real attackers can exploit them.
Term 177
Phishing is a type of cyberattack where criminals impersonate legitimate organizations or individuals to trick victims into revealing sensitive information such as passwords, credit card numbers, or personal data.
Term 178
Physical controls are tangible security measures like locks, fences, and biometric scanners used to protect buildings, hardware, and sensitive data from unauthorized physical access or harm.
Term 179
A policy is a set of rules or guidelines that defines how an organization manages, secures, and operates its IT systems and services.
Term 180
Policy as code is the practice of representing and managing security, compliance, and governance rules as executable code, enabling automated validation and enforcement across infrastructure and software development workflows.