Term 121
Technical finding
A technical finding is a specific observation or conclusion drawn from analyzing IT systems, logs, or test results that points to a configuration issue, security vulnerability, or operational inefficiency.
Acronym study
Terms 121–135 of 135 PT0-002 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 121
A technical finding is a specific observation or conclusion drawn from analyzing IT systems, logs, or test results that points to a configuration issue, security vulnerability, or operational inefficiency.
Term 122
theHarvester is an open-source intelligence (OSINT) tool used to gather emails, subdomains, IP addresses, and other public data about a target from search engines and public sources.
Term 123
Third-party authorisation is when a system relies on an external entity to verify a user's identity or permissions before granting access to resources.
Term 124
Threat emulation is the proactive simulation of real-world cyberattacks within a controlled environment to test an organization's defenses, identify vulnerabilities, and improve security posture.
Term 125
A threat model is a structured approach to identifying, analyzing, and prioritizing potential security threats to a system or application.
Term 126
A Trusted Advisor is an IT professional who earns deep client trust through expert guidance, ethical behavior, and a focus on the client’s long-term success rather than just selling products.
Term 127
An unauthenticated scan is a vulnerability assessment performed without providing valid login credentials, simulating an outside attacker's perspective.
Term 128
Vishing is a social engineering attack where criminals use phone calls or voice messages to trick victims into revealing sensitive information.
Term 129
A feature that captures information about the IP traffic going to and from network interfaces in a Virtual Private Cloud (VPC).
Term 130
Vulnerability management is the continuous process of identifying, classifying, prioritizing, and remediating security weaknesses in an organization's IT environment.
Term 131
A vulnerability scanner is an automated tool that identifies security weaknesses in systems, networks, and applications by comparing their configurations and software versions against known vulnerability databases.
Term 132
A web application scan is an automated security test that examines a web application for vulnerabilities that could be exploited by attackers.
Term 133
WHOIS lookup is a query and response protocol used to search databases that store the registration information of domain names and IP address blocks.
Term 134
WPA2 cracking is the process of exploiting weaknesses in the WPA2 wireless security protocol to recover the network password and gain unauthorized access to a Wi-Fi network.
Term 135
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.