Term 331
HIPAA
HIPAA is a U.S. law that sets national standards for protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.
Acronym study
Terms 331–360 of 863 SC-900 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 331
HIPAA is a U.S. law that sets national standards for protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.
Term 332
A host firewall is a software-based security tool that runs directly on an individual device, such as a laptop, server, or desktop, to monitor and control incoming and outgoing network traffic based on a set of security rules.
Term 333
A hosted zone is a container for DNS records that holds the information needed to route internet traffic for a domain name.
Term 334
A hunting query is a proactive, iterative Kusto Query Language (KQL) query used in Microsoft 365 Defender and Azure Sentinel to search for hidden threats, anomalies, and indicators of compromise across security data.
Term 335
Hybrid identity is an approach that synchronizes and manages user identities across both on-premises directories and cloud-based services, allowing seamless access to resources in both environments.
Term 336
Hypertext Transfer Protocol Secure, or HTTPS, is the secure version of HTTP that encrypts data between a web browser and a website using SSL/TLS to protect sensitive information like passwords and credit card numbers.
Term 337
Hypothesis-driven hunting is a proactive security approach where analysts form educated guesses about potential threats and then actively search for evidence to confirm or refute those guesses.
Term 338
Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources.
Term 339
An IAM group is a collection of IAM users in a cloud or identity system that simplifies permission management by allowing you to assign policies to multiple users at once.
Term 340
An IAM misconfiguration occurs when identity and access management settings are incorrectly set, granting too many or too few permissions to users or services, which can lead to security breaches or operational failures.
Term 341
An IAM policy is a set of rules that determines who can access specific cloud resources and what actions they are allowed to perform.
Term 342
An IAM role is a set of permissions that an entity can assume temporarily to access cloud resources securely.
Term 343
An IAM user is an identity created in AWS Identity and Access Management that represents a person or service interacting with AWS resources, with its own credentials and permissions.
Term 344
ICMP is a network-layer protocol used by network devices to send error messages and operational information about network connectivity.
Term 345
An ICS is a system of networked devices used to monitor and control industrial processes, such as manufacturing or power generation.
Term 346
Idempotency means that an operation can be performed multiple times without changing the result beyond the first application.
Term 347
Identification is the process where a user or device claims an identity, often by providing a username, ID number, or account name, before proving that claim with authentication.
Term 348
Identity is the unique set of attributes that defines a user, device, or service in a computer system, determining what they can access and do.
Term 349
Identity and access management (IAM) is the security discipline that ensures the right individuals access the right resources at the right times for the right reasons.
Term 350
A security model where trust is determined by user identity and context rather than the network location, treating identity itself as the primary boundary for access control.
Term 351
Identity Governance is the policy-based framework that ensures the right people have the right access to the right resources at the right time, with oversight and control.
Term 352
Identity protection is the set of policies, technologies, and practices used to secure digital identities and prevent unauthorized access to systems and data.
Term 353
An identity provider (IdP) is a system that creates, stores, and manages digital identities and authenticates users for other applications and services.
Term 354
An IDS is a security system that monitors network or system traffic for suspicious activity and alerts administrators to potential threats, but does not actively block them.
Term 355
IIoT (Industrial Internet of Things) connects industrial machines and sensors to networks for data collection, analysis, and automation in manufacturing, energy, and utilities.
Term 356
IKE (Internet Key Exchange) is a protocol used to set up a secure, authenticated communication channel between two parties by establishing and managing the Security Associations for IPsec.
Term 357
Impersonation is a security attack where an attacker pretends to be a legitimate person or system to gain unauthorized access, steal data, or commit fraud.
Term 358
Implicit deny is a security rule that automatically blocks any network traffic that is not explicitly allowed by an access control list or firewall rule.
Term 359
An inbound ACL is a set of rules applied to network traffic entering an interface that decides whether to allow or block that traffic based on criteria like source IP, destination port, or protocol.
Term 360
An incident is a security event that violates an organization's policies or threatens its data, systems, or operations, requiring a structured response.