Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Microsoft Security, Compliance, and Identity Fundamentals SC-900/Acronyms/Part 2

Acronym study

SC-900 Acronyms — Part 2 of 29

Terms 31–60 of 863 SC-900 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

← Part 1Part 2 of 29Part 3 →

Term 31

Anti-malware

Anti-malware is software that detects, prevents, and removes malicious software from computers, networks, and devices.

Full entry →
Full Anti-malware glossary entry →

Term 32

Anti-malware policy

An anti-malware policy is a set of rules and procedures that an organization enforces to prevent, detect, and remove malicious software from its computers and networks.

Full entry →
Full Anti-malware policy glossary entry →

Term 33

Anti-phishing policy

An anti-phishing policy is a set of rules and technical controls that organizations use to detect, block, and respond to email or message-based attacks that trick users into revealing sensitive information.

Full entry →
Full Anti-phishing policy glossary entry →

Term 34

Anti-spam policy

An anti-spam policy is a set of rules and filters used by email systems to automatically detect and block unwanted, unsolicited, or harmful messages before they reach a user's inbox.

Full entry →
Full Anti-spam policy glossary entry →

Term 35

Antivirus

Antivirus is software that detects, prevents, and removes malicious software (malware) from a computer or network.

Full entry →
Full Antivirus glossary entry →

Term 36

API security

API security is the practice of protecting application programming interfaces from attacks by ensuring only authorized users and applications can access data and functions.

Full entry →
Full API security glossary entry →

Term 37

App protection policy

An app protection policy is a set of rules that controls how data is handled and secured within mobile applications, ensuring corporate information stays safe even on personal devices.

Full entry →
Full App protection policy glossary entry →

Term 38

AppArmor

AppArmor is a Linux kernel security module that restricts programs to a predefined set of resources using mandatory access control (MAC) policies.

Full entry →
Full AppArmor glossary entry →

Term 39

Application deployment

Application deployment is the process of making a software application available for use, typically by installing, configuring, and activating it on target devices or servers.

Full entry →
Full Application deployment glossary entry →

Term 40

Application Security Group

An Application Security Group (ASG) is a cloud networking feature that groups virtual machines logically and allows you to apply security rules based on the application workload, rather than individual IP addresses.

Full entry →
Full Application Security Group glossary entry →

Term 41

ARM template

An ARM template is a JSON file that defines the infrastructure and configuration for Azure resources, enabling repeatable and consistent deployments.

Full entry →
Full ARM template glossary entry →

Term 42

ARO

ARO stands for Annualized Rate of Occurrence, a number that estimates how often a specific threat or risk event is expected to happen in a single year.

Full entry →
Full ARO glossary entry →

Term 43

ARP poisoning

ARP poisoning is a network attack where an attacker sends fake Address Resolution Protocol messages to link their MAC address with a legitimate IP address, enabling them to intercept, modify, or stop data on a local network.

Full entry →
Full ARP poisoning glossary entry →

Term 44

Artifact Registry

Artifact Registry is a managed service for storing, managing, and securing container images and other software packages in a centralized repository.

Full entry →
Full Artifact Registry glossary entry →

Term 45

Asset

In IT and cybersecurity, an asset is anything valuable that an organization owns or controls, including data, hardware, software, people, and intellectual property.

Full entry →
Full Asset glossary entry →

Term 46

Asset valuation

Asset valuation is the process of determining the financial worth of an organization's information assets, often used to prioritize security controls and allocate protection resources effectively.

Full entry →
Full Asset valuation glossary entry →

Term 47

Assume breach

Assume breach is a security mindset where an organization operates as if attackers have already compromised their network, shifting focus to rapid detection, containment, and damage limitation rather than only prevention.

Full entry →
Full Assume breach glossary entry →

Term 48

Assured Workloads

Assured Workloads is a set of cloud security controls that help organizations run sensitive workloads in a trusted, verified environment on Google Cloud.

Full entry →
Full Assured Workloads glossary entry →

Term 49

Asymmetric encryption

Asymmetric encryption is a cryptographic method that uses a pair of keys—a public key for encryption and a private key for decryption—to securely exchange data without sharing a secret.

Full entry →
Full Asymmetric encryption glossary entry →

Term 50

Attack chain

The attack chain (or kill chain) is a model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.

Full entry →
Full Attack chain glossary entry →

Term 51

Attack simulation training

Attack simulation training is a Microsoft 365 security tool that lets IT administrators run realistic phishing and password-attack campaigns against their own users to identify vulnerabilities and improve security awareness.

Full entry →
Full Attack simulation training glossary entry →

Term 52

Attack surface reduction

Attack surface reduction is a set of security practices that minimizes the number of ways an attacker can access or exploit a system by removing unnecessary features, locking down configurations, and controlling software behavior.

Full entry →
Full Attack surface reduction glossary entry →

Term 53

Audit

An audit is a systematic, independent review of IT systems, processes, and controls to verify compliance with policies, standards, and regulations.

Full entry →
Full Audit glossary entry →

Term 54

Audit log

An audit log is a chronological record of security-relevant events and user activities within a system, used for monitoring, compliance, and forensic analysis.

Full entry →
Full Audit log glossary entry →

Term 55

Audit trail

An audit trail is a chronological record of events, changes, or activities in a system that provides evidence of who did what, when, and from where.

Full entry →
Full Audit trail glossary entry →

Term 56

Authentication

Authentication is the process of verifying that someone or something is who or what it claims to be before granting access to a system or resource.

Full entry →
Full Authentication glossary entry →

Term 57

Authentication Authorization and Accounting

Authentication, Authorization, and Accounting (AAA) is a security framework that controls who can access a network or system, what they are allowed to do, and tracks what they actually did.

Full entry →
Full Authentication Authorization and Accounting glossary entry →

Term 58

Authentication log

An authentication log is a record of all attempts to verify a user's identity when accessing a system, including successes, failures, and associated metadata.

Full entry →
Full Authentication log glossary entry →

Term 59

Authentication strength

Authentication strength is a measure of how resistant a login process is to unauthorized access, combining the type, number, and quality of credentials required.

Full entry →
Full Authentication strength glossary entry →

Term 60

Authenticator app

An authenticator app is a software application on your phone or computer that generates temporary codes used to prove your identity when logging into online accounts.

Full entry →
Full Authenticator app glossary entry →
← Part 1Part 3 →

Acronym parts

Part 1Part 2currentPart 3Part 4Part 5Part 6Part 7Part 8Part 9Part 10Part 11Part 12Part 13Part 14Part 15Part 16Part 17Part 18Part 19Part 20Part 21Part 22Part 23Part 24Part 25Part 26Part 27Part 28Part 29

Study resources

All SC-900 Acronyms→SC-900 Practice Tests→SC-900 Study Guide→Exam Domains→