Term 1
2FA
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
Acronym study
Terms 1–30 of 863 SC-900 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 1
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
Term 2
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
Term 3
AAA (Authentication, Authorization, and Accounting) is a security framework that controls who can access a network, what they are allowed to do, and tracks what they did.
Term 4
ABAC (Attribute-Based Access Control) is a method of controlling access to resources by evaluating a set of attributes (such as user role, time, location, and device) against policy rules, rather than using static roles or identities.
Term 5
An acceptable use policy is a set of rules that an organization creates to define how employees and other users may use its computer systems, networks, and data.
Term 6
Access control is the security practice of determining who or what is allowed to view, use, or enter a resource, and under what conditions.
Term 7
An Access Control List is a set of rules that decides which traffic is allowed or denied entry to a network or device.
Term 8
An access key is a unique identifier and secret code pair used to authenticate requests to cloud storage services, ensuring only authorized users or applications can access data.
Term 9
An access port is a switch port that connects to a single end device, like a computer or printer, and carries traffic for only one VLAN.
Term 10
An access review is a periodic audit process where administrators check and confirm which users have permissions to what resources, ensuring only authorized people retain access.
Term 11
A digital key that a computer system gives you to prove your identity and grant you permission to access specific resources or perform actions.
Term 12
Access Transparency is the practice of logging and monitoring all access requests to cloud service provider infrastructure by the provider's personnel, giving customers visibility into who accessed their data and when.
Term 13
The account lifecycle is the complete process of creating, managing, maintaining, and eventually removing a user account in an IT system.
Term 14
Accountability is the security principle that ensures actions and identity are linked so that a person or system can be held responsible for their activities.
Term 15
Accounting in IT identity and access management is the process of tracking and logging what authenticated users do on a system or network.
Term 16
An Access Control List is a set of rules that determines who or what can access specific network resources or data.
Term 17
An administrative control is a policy, procedure, or guideline designed to manage and reduce security risk through people and processes rather than technology alone.
Term 18
An administrative role is a predefined or custom set of permissions in Microsoft 365 that controls what tasks a person can perform in the tenant, such as managing users, resetting passwords, or overseeing security settings.
Term 19
An Administrative unit is a container in Microsoft Entra ID that allows you to delegate administrative permissions over a subset of users, groups, or devices, rather than the entire directory.
Term 20
Advanced Encryption Standard (AES) is a widely used symmetric encryption algorithm that protects electronic data by converting readable information into a scrambled format that can only be unscrambled with the correct secret key.
Term 21
Adware is software that automatically displays or downloads unwanted advertisements, often bundled with free programs, and may track user behavior without clear consent.
Term 22
AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.
Term 23
AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.
Term 24
ALE (Annualized Loss Expectancy) is a risk management formula that estimates the yearly monetary loss from a specific threat to an asset.
Term 25
An alert is a notification that something unusual or potentially harmful has happened in a computer system or network.
Term 26
Alert fatigue is the desensitization and overwhelming feeling security analysts experience when they receive so many security alerts that they begin to ignore or miss them.
Term 27
An alerting policy is a set of rules that defines when to send notifications about a system condition that needs attention.
Term 28
An Alias record is a DNS record type that maps a hostname to another hostname, seamlessly routing traffic to AWS resources like load balancers or CloudFront distributions.
Term 29
Anonymization is the process of removing or altering personally identifiable information so that an individual cannot be identified, directly or indirectly, from the remaining data.
Term 30
Ansible is an open-source automation tool that IT professionals use to configure systems, deploy software, and manage infrastructure without needing to install agent software on every managed machine.