Term 601
Red team
A red team is a group of security professionals who simulate real-world attacks on an organization's systems, people, and facilities to test the effectiveness of its defenses.
Acronym study
Terms 601–630 of 863 SC-900 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 601
A red team is a group of security professionals who simulate real-world attacks on an organization's systems, people, and facilities to test the effectiveness of its defenses.
Term 602
Redundancy is the practice of adding extra components or systems so that if one fails, another can take over without interruption.
Term 603
A trusted, always-active component of a computer's operating system that enforces security policies by checking every access request to files, memory, or devices before allowing it.
Term 604
A refresh token is a special credential used to obtain new access tokens without requiring the user to re-authenticate, enabling long-lived sessions in modern identity systems.
Term 605
A regulatory requirement is a rule issued by a government or industry authority that organizations must follow, often to protect data, ensure safety, or maintain fair practices.
Term 606
A remediation script is an automated set of instructions that detects and fixes common IT security or configuration issues without manual intervention.
Term 607
RADIUS is a network protocol that provides centralized authentication, authorization, and accounting for users trying to connect to a network service.
Term 608
Remote wipe is a security feature that allows an administrator or user to remotely and permanently delete data from a lost or stolen device to prevent unauthorized access.
Term 609
A Reserved Instance is a billing discount applied to your usage of virtual machines or other compute resources when you commit to using a specific configuration for a one- or three-year term.
Term 610
Residual risk is the level of risk that remains after all security controls and countermeasures have been applied.
Term 611
A logical container in Microsoft Azure that holds related resources for an application or solution, enabling unified management, security, and billing.
Term 612
Resource hierarchy is the structured, parent-child ordering of cloud resources that governs access control, policy inheritance, and resource organization across a cloud platform.
Term 613
A resource lock is a cloud governance feature that prevents accidental deletion or modification of critical cloud resources by applying a read-only or delete-only restriction at the resource, resource group, or subscription level.
Term 614
A resource policy is a set of rules that controls who can access a specific cloud resource and what actions they can perform on it.
Term 615
A retention label is a tag applied to emails, documents, or files in Microsoft 365 that tells the system how long to keep the item and what to do with it when the time is up.
Term 616
A retention policy is a set of rules that determines how long an organization keeps its data and what happens to it when the retention period expires.
Term 617
A retry policy is a set of rules that automatically re-attempts a failed operation after a defined interval, up to a maximum number of tries.
Term 618
RFID uses radio waves to wirelessly identify and track tags attached to objects, enabling automatic data capture without line-of-sight.
Term 619
Risk is the possibility that an event or action will negatively affect an organization's ability to achieve its goals, often measured in terms of likelihood and impact.
Term 620
Risk acceptance is a risk management strategy where an organization acknowledges a potential risk but decides to tolerate it without taking active measures to reduce or eliminate it.
Term 621
Risk appetite is the amount of risk an organization is willing to accept in pursuit of its objectives, defining the boundaries for decision-making.
Term 622
Risk assessment is the process of identifying, analyzing, and evaluating potential threats to an organization's assets to determine the likelihood and impact of those threats, and to decide on appropriate treatment measures.
Term 623
Risk avoidance is a risk management strategy that involves eliminating any activity, process, or technology that introduces a specific risk, rather than trying to reduce or accept it.
Term 624
Risk management is the process of identifying, assessing, and controlling threats to an organization's capital, earnings, and operations, including IT systems and data.
Term 625
Risk mitigation is the process of reducing the likelihood or impact of a potential security threat to an acceptable level through specific controls and actions.
Term 626
A risk register is a formal document that lists and tracks all identified risks to an IT project, system, or organization, including their assessed impact, probability, and planned responses.
Term 627
A risk score is a numerical value that represents the level of risk associated with a given asset, threat, or vulnerability in a security context.
Term 628
Risk tolerance is the amount of risk an organization or individual is willing to accept in pursuit of its objectives, defining the boundary between acceptable and unacceptable losses.
Term 629
Risk transfer is the practice of shifting the financial burden of a potential loss to another party, typically through insurance or contracts.
Term 630
Risk-based access is a security model that dynamically adjusts access permissions based on the assessed risk of each access request, rather than granting a static level of access to all users.