Term 211
Privileged access management
Privileged access management is a cybersecurity practice that controls and monitors the elevated access rights of users who have special permissions to critical systems and data.
Acronym study
Terms 211–240 of 324 MS-102 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 211
Privileged access management is a cybersecurity practice that controls and monitors the elevated access rights of users who have special permissions to critical systems and data.
Term 212
Privileged Identity Management is a security system that controls, monitors, and audits access to sensitive systems by granting elevated permissions only when needed and for a limited time.
Term 213
A productivity app is a software application designed to help individuals and teams complete tasks efficiently, manage time, and organize work within a business environment.
Term 214
Qualitative risk analysis is a subjective, scenario-based approach to prioritizing information security risks by evaluating their likelihood and potential impact using predefined scales rather than numerical calculations.
Term 215
A quality update policy is a set of rules and schedules that IT administrators use to control which Windows updates are deployed to devices to ensure stability, security, and compatibility.
Term 216
Quantitative risk analysis is a structured process that uses numerical data and statistical methods to calculate the potential financial impact of risks on an organization's assets and projects.
Term 217
Quarantine is a security process that isolates a potentially malicious file, email, or device from the rest of the system to prevent harm while it is analyzed or remediated.
Term 218
RBAC is a method of restricting network access based on the roles of individual users within an organization, where permissions are assigned to roles rather than to individuals directly.
Term 219
Read-access geo-redundant storage (RA-GRS) is a cloud storage replication option that maintains three synchronous copies in one primary region and three asynchronous copies in a secondary region, while allowing read access to the secondary copy even during normal operations.
Term 220
Remote wipe is a security feature that allows an administrator or user to remotely and permanently delete data from a lost or stolen device to prevent unauthorized access.
Term 221
Residual risk is the level of risk that remains after all security controls and countermeasures have been applied.
Term 222
A resource policy is a set of rules that controls who can access a specific cloud resource and what actions they can perform on it.
Term 223
A retention label is a tag applied to emails, documents, or files in Microsoft 365 that tells the system how long to keep the item and what to do with it when the time is up.
Term 224
A retention policy is a set of rules that determines how long an organization keeps its data and what happens to it when the retention period expires.
Term 225
A retry policy is a set of rules that automatically re-attempts a failed operation after a defined interval, up to a maximum number of tries.
Term 226
Risk is the possibility that an event or action will negatively affect an organization's ability to achieve its goals, often measured in terms of likelihood and impact.
Term 227
Risk acceptance is a risk management strategy where an organization acknowledges a potential risk but decides to tolerate it without taking active measures to reduce or eliminate it.
Term 228
Risk appetite is the amount of risk an organization is willing to accept in pursuit of its objectives, defining the boundaries for decision-making.
Term 229
Risk assessment is the process of identifying, analyzing, and evaluating potential threats to an organization's assets to determine the likelihood and impact of those threats, and to decide on appropriate treatment measures.
Term 230
Risk avoidance is a risk management strategy that involves eliminating any activity, process, or technology that introduces a specific risk, rather than trying to reduce or accept it.
Term 231
Risk management is the process of identifying, assessing, and controlling threats to an organization's capital, earnings, and operations, including IT systems and data.
Term 232
Risk mitigation is the process of reducing the likelihood or impact of a potential security threat to an acceptable level through specific controls and actions.
Term 233
A risk register is a formal document that lists and tracks all identified risks to an IT project, system, or organization, including their assessed impact, probability, and planned responses.
Term 234
A risk score is a numerical value that represents the level of risk associated with a given asset, threat, or vulnerability in a security context.
Term 235
Risk tolerance is the amount of risk an organization or individual is willing to accept in pursuit of its objectives, defining the boundary between acceptable and unacceptable losses.
Term 236
Risk transfer is the practice of shifting the financial burden of a potential loss to another party, typically through insurance or contracts.
Term 237
Risk-based access is a security model that dynamically adjusts access permissions based on the assessed risk of each access request, rather than granting a static level of access to all users.
Term 238
Risk-based vulnerability management is a cybersecurity approach that prioritizes the fixing of security weaknesses based on the level of risk they pose to an organization's specific environment, rather than just addressing all vulnerabilities in the order they are found.
Term 239
A role group is a collection of permissions in Microsoft 365 or Azure that bundles multiple administrative roles into a single unit for easier assignment.
Term 240
Rule-based access control (RuBAC) is a method of managing access to resources by evaluating a set of predefined rules that combine conditions such as time, location, device, and user attributes to allow or deny access.