Term 31
Anti-malware
Anti-malware is software that detects, prevents, and removes malicious software from computers, networks, and devices.
Acronym study
Terms 31–60 of 863 SC-900 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 31
Anti-malware is software that detects, prevents, and removes malicious software from computers, networks, and devices.
Term 32
An anti-malware policy is a set of rules and procedures that an organization enforces to prevent, detect, and remove malicious software from its computers and networks.
Term 33
An anti-phishing policy is a set of rules and technical controls that organizations use to detect, block, and respond to email or message-based attacks that trick users into revealing sensitive information.
Term 34
An anti-spam policy is a set of rules and filters used by email systems to automatically detect and block unwanted, unsolicited, or harmful messages before they reach a user's inbox.
Term 35
Antivirus is software that detects, prevents, and removes malicious software (malware) from a computer or network.
Term 36
API security is the practice of protecting application programming interfaces from attacks by ensuring only authorized users and applications can access data and functions.
Term 37
An app protection policy is a set of rules that controls how data is handled and secured within mobile applications, ensuring corporate information stays safe even on personal devices.
Term 38
AppArmor is a Linux kernel security module that restricts programs to a predefined set of resources using mandatory access control (MAC) policies.
Term 39
Application deployment is the process of making a software application available for use, typically by installing, configuring, and activating it on target devices or servers.
Term 40
An Application Security Group (ASG) is a cloud networking feature that groups virtual machines logically and allows you to apply security rules based on the application workload, rather than individual IP addresses.
Term 41
An ARM template is a JSON file that defines the infrastructure and configuration for Azure resources, enabling repeatable and consistent deployments.
Term 42
ARO stands for Annualized Rate of Occurrence, a number that estimates how often a specific threat or risk event is expected to happen in a single year.
Term 43
ARP poisoning is a network attack where an attacker sends fake Address Resolution Protocol messages to link their MAC address with a legitimate IP address, enabling them to intercept, modify, or stop data on a local network.
Term 44
Artifact Registry is a managed service for storing, managing, and securing container images and other software packages in a centralized repository.
Term 45
In IT and cybersecurity, an asset is anything valuable that an organization owns or controls, including data, hardware, software, people, and intellectual property.
Term 46
Asset valuation is the process of determining the financial worth of an organization's information assets, often used to prioritize security controls and allocate protection resources effectively.
Term 47
Assume breach is a security mindset where an organization operates as if attackers have already compromised their network, shifting focus to rapid detection, containment, and damage limitation rather than only prevention.
Term 48
Assured Workloads is a set of cloud security controls that help organizations run sensitive workloads in a trusted, verified environment on Google Cloud.
Term 49
Asymmetric encryption is a cryptographic method that uses a pair of keys—a public key for encryption and a private key for decryption—to securely exchange data without sharing a secret.
Term 50
The attack chain (or kill chain) is a model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.
Term 51
Attack simulation training is a Microsoft 365 security tool that lets IT administrators run realistic phishing and password-attack campaigns against their own users to identify vulnerabilities and improve security awareness.
Term 52
Attack surface reduction is a set of security practices that minimizes the number of ways an attacker can access or exploit a system by removing unnecessary features, locking down configurations, and controlling software behavior.
Term 53
An audit is a systematic, independent review of IT systems, processes, and controls to verify compliance with policies, standards, and regulations.
Term 54
An audit log is a chronological record of security-relevant events and user activities within a system, used for monitoring, compliance, and forensic analysis.
Term 55
An audit trail is a chronological record of events, changes, or activities in a system that provides evidence of who did what, when, and from where.
Term 56
Authentication is the process of verifying that someone or something is who or what it claims to be before granting access to a system or resource.
Term 57
Authentication, Authorization, and Accounting (AAA) is a security framework that controls who can access a network or system, what they are allowed to do, and tracks what they actually did.
Term 58
An authentication log is a record of all attempts to verify a user's identity when accessing a system, including successes, failures, and associated metadata.
Term 59
Authentication strength is a measure of how resistant a login process is to unauthorized access, combining the type, number, and quality of credentials required.
Term 60
An authenticator app is a software application on your phone or computer that generates temporary codes used to prove your identity when logging into online accounts.