Term 211
Detective control
A detective control is a security measure that identifies and reports unwanted or suspicious activity after it has already occurred.
Acronym study
Terms 211–240 of 863 SC-900 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 211
A detective control is a security measure that identifies and reports unwanted or suspicious activity after it has already occurred.
Term 212
A deterrent control is a security measure designed to discourage potential attackers from attempting to breach a system or commit a violation, relying on the perceived threat of consequences.
Term 213
Device compliance is the process of ensuring that a device meets an organization's security and configuration policies before it can access network resources.
Term 214
Device risk is the chance that a computer, phone, or other endpoint could cause a security problem or data leak because it is not properly managed or protected.
Term 215
DevSecOps is a software development practice that integrates security into every phase of the DevOps lifecycle, making security a shared responsibility from the start.
Term 216
A DHCP pool is a reserved set of IP addresses that a DHCP server can assign to devices on a network automatically when they request a connection.
Term 217
A DHCP server is a network device or service that automatically assigns IP addresses and other network configuration parameters to devices on a network, eliminating the need for manual configuration.
Term 218
DHCP snooping is a network security feature that filters untrusted DHCP messages to prevent rogue DHCP servers from giving out false IP addresses.
Term 219
The Diamond model is a framework for analyzing cybersecurity intrusions by examining four key components: adversary, capability, infrastructure, and victim.
Term 220
A digital certificate is an electronic document that verifies the identity of a person, device, or website and enables secure encrypted communication over the internet.
Term 221
A digital identity is the online representation of a person, device, or entity used to authenticate and authorize access to digital resources.
Term 222
Digital Rights Management (DRM) is a set of technologies used to control how digital content like music, movies, ebooks, or software is accessed, copied, or shared.
Term 223
AWS Direct Connect is a cloud service that lets you create a dedicated private network link from your on-premises data center to AWS, bypassing the public internet for more consistent and secure connectivity.
Term 224
A Disaster Recovery Plan (DRP) is a documented, structured approach that outlines how an organization can quickly resume critical IT systems and operations after a disruptive event.
Term 225
Disk encryption is the process of converting data on a storage device into a coded form that can only be read with the correct decryption key, protecting it from unauthorized access.
Term 226
A cyberattack where many compromised computers flood a target system with traffic, making it unavailable to legitimate users.
Term 227
Data Loss Prevention — security technology that detects and prevents unauthorised transmission of sensitive data outside an organisation.
Term 228
A DLP policy is a set of rules that an organization uses to prevent sensitive data from being lost, stolen, or accidentally exposed, whether it is in use, in motion, or at rest.
Term 229
A DMZ (demilitarized zone) is a network segment that sits between an internal private network and the public internet, hosting publicly accessible services while keeping the internal network isolated.
Term 230
DNS is the system that translates human-friendly domain names like example.com into machine-readable IP addresses so computers can find each other on a network.
Term 231
A DNS log is a record of all Domain Name System queries and responses that pass through a server, providing a trail of which domains were requested, by whom, and when.
Term 232
DNS over HTTPS is a protocol that sends Domain Name System queries and responses over the encrypted HTTPS protocol to protect user privacy and prevent tampering.
Term 233
DNS over TLS encrypts DNS queries using the Transport Layer Security protocol to prevent eavesdropping and tampering.
Term 234
DNS poisoning is a cyberattack that corrupts a DNS resolver's cache with false information, redirecting users to malicious websites without their knowledge.
Term 235
A DNS record is a set of instructions stored on a DNS server that tells clients how to interact with a domain, most commonly by mapping a human-readable domain name to an IP address.
Term 236
DNSSEC adds cryptographic signatures to DNS records to ensure data authenticity and integrity, preventing cache poisoning and spoofing attacks.
Term 237
DoH encrypts DNS queries within HTTPS traffic to prevent eavesdropping and manipulation of domain name resolution.
Term 238
A set of protocols that add digital signatures to DNS data to verify its authenticity and integrity.
Term 239
Domain verification is the process of proving that you own or control a specific domain name so that you can use it with a service like Microsoft 365.
Term 240
DMARC is an email authentication protocol that helps prevent spoofing and phishing by verifying that incoming email really comes from the domain it claims to be from and tells receiving servers what to do if verification fails.