Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Microsoft Security, Compliance, and Identity Fundamentals SC-900/Acronyms/Part 6

Acronym study

SC-900 Acronyms — Part 6 of 29

Terms 151–180 of 863 SC-900 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

← Part 5Part 6 of 29Part 7 →

Term 151

Compliance scan

A compliance scan is an automated security assessment that checks systems, networks, and applications against a defined set of regulatory or organizational standards to verify adherence to required policies.

Full entry →
Full Compliance scan glossary entry →

Term 152

Compliance state

Compliance state is the current status of a system, application, or device indicating whether it meets a defined set of security policies, regulatory requirements, or configuration standards.

Full entry →
Full Compliance state glossary entry →

Term 153

Conditional access

Conditional access is a security framework that evaluates signals like user location, device health, and risk level to grant or block access to resources in real time.

Full entry →
Full Conditional access glossary entry →

Term 154

Conditional Access integration

Conditional Access integration is a security framework that evaluates signals such as user identity, location, device state, and application sensitivity to grant or block access to resources before a session is established.

Full entry →
Full Conditional Access integration glossary entry →

Term 155

Conditional Access policy

A Conditional Access policy is a set of rules in Microsoft Entra ID that automatically grants or blocks access to cloud apps based on signals like user identity, location, device health, and risk level.

Full entry →
Full Conditional Access policy glossary entry →

Term 156

Confidentiality

Confidentiality means keeping sensitive information secret and accessible only to authorized people or systems.

Full entry →
Full Confidentiality glossary entry →

Term 157

Confidentiality Integrity and Availability

The CIA Triad is a foundational security model that ensures data is kept secret, unaltered, and accessible when needed.

Full entry →
Full Confidentiality Integrity and Availability glossary entry →

Term 158

Configuration backup

A configuration backup is a saved copy of a device's settings, such as router interfaces, firewall rules, or switch VLANs, that can be restored if the device fails or is misconfigured.

Full entry →
Full Configuration backup glossary entry →

Term 159

Configuration drift

Configuration drift is the gradual, unplanned change in a system's configuration settings over time, causing it to deviate from its original or desired state.

Full entry →
Full Configuration drift glossary entry →

Term 160

Configuration profile

A configuration profile is a set of settings and policies that can be applied remotely to devices to enforce security, compliance, and customization rules.

Full entry →
Full Configuration profile glossary entry →

Term 161

Container Analysis

Container Analysis is the process of examining container images and running containers for security vulnerabilities, misconfigurations, and compliance issues before deployment.

Full entry →
Full Container Analysis glossary entry →

Term 162

Container escape

A container escape is a security exploit where an attacker breaks out of the isolated environment of a container to gain unauthorized access to the host operating system or other containers.

Full entry →
Full Container escape glossary entry →

Term 163

Container scanning

Container scanning is the automated process of inspecting container images for known security vulnerabilities, misconfigurations, and compliance issues before they are deployed.

Full entry →
Full Container scanning glossary entry →

Term 164

Container security

Container security is the practice of protecting containerized applications and their underlying infrastructure from threats throughout the entire lifecycle.

Full entry →
Full Container security glossary entry →

Term 165

Containment

Containment is the incident response phase where security teams isolate a compromised system or network to prevent the threat from spreading further while preserving evidence.

Full entry →
Full Containment glossary entry →

Term 166

Contributor role

The Contributor role is a built-in Azure role that grants full access to manage resources within a scope but does not allow granting access to other users.

Full entry →
Full Contributor role glossary entry →

Term 167

Control plane

The control plane is the part of a network that makes decisions about how data should be forwarded, defining routes and policies without actually moving the data itself.

Full entry →
Full Control plane glossary entry →

Term 168

Copilot for Microsoft 365

Copilot for Microsoft 365 is an AI assistant integrated into Microsoft 365 apps that helps users create documents, analyze data, summarize communications, and automate tasks using natural language prompts.

Full entry →
Full Copilot for Microsoft 365 glossary entry →

Term 169

Corrective control

A security measure that acts after an incident to limit damage, restore operations, and prevent recurrence.

Full entry →
Full Corrective control glossary entry →

Term 170

Correlation rule

A correlation rule is a set of conditions in a security information and event management (SIEM) system that combines multiple log events from different sources to detect complex threats or patterns that a single event would miss.

Full entry →
Full Correlation rule glossary entry →

Term 171

Cost Explorer

Cost Explorer is an AWS tool that lets you visualize, understand, and manage your AWS spending and usage over time.

Full entry →
Full Cost Explorer glossary entry →

Term 172

Cost Management

Cost Management is the practice of planning, controlling, and optimizing spending on cloud resources to stay within budget and maximize value.

Full entry →
Full Cost Management glossary entry →

Term 173

Countermeasure

A countermeasure is any action, device, procedure, or technique that reduces a threat, vulnerability, or risk to an acceptable level.

Full entry →
Full Countermeasure glossary entry →

Term 174

Covert channel

A covert channel is a hidden communication path that allows data to be transferred in ways that violate a system's security policy, often by using resources not intended for communication.

Full entry →
Full Covert channel glossary entry →

Term 175

Cross-site request forgery

Cross-site request forgery (CSRF) is a web security vulnerability that tricks a user into unknowingly performing actions on a website where they are already authenticated.

Full entry →
Full Cross-site request forgery glossary entry →

Term 176

Cross-site scripting

Cross-site scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, often to steal data or hijack sessions.

Full entry →
Full Cross-site scripting glossary entry →

Term 177

CSRF

Cross-Site Request Forgery is an attack that tricks a user into performing an unwanted action on a web application where they are currently authenticated.

Full entry →
Full CSRF glossary entry →

Term 178

Custom domain

A custom domain is a personalized internet address (like contoso.com) that you can use with cloud services instead of the default domain provided by the service provider.

Full entry →
Full Custom domain glossary entry →

Term 179

Customer Lockbox

Customer Lockbox is a Microsoft 365 service that gives customers explicit control over granting Microsoft support engineers temporary access to their tenant data for troubleshooting and issue resolution.

Full entry →
Full Customer Lockbox glossary entry →

Term 180

DAC

Discretionary Access Control is a security model where the owner of a resource decides who can access it and what permissions they have.

Full entry →
Full DAC glossary entry →
← Part 5Part 7 →

Acronym parts

Part 1Part 2Part 3Part 4Part 5Part 6currentPart 7Part 8Part 9Part 10Part 11Part 12Part 13Part 14Part 15Part 16Part 17Part 18Part 19Part 20Part 21Part 22Part 23Part 24Part 25Part 26Part 27Part 28Part 29

Study resources

All SC-900 Acronyms→SC-900 Practice Tests→SC-900 Study Guide→Exam Domains→