Acronym study
Terms 391–420 of 610 SY0-701 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 391
Privilege escalation is when a user or attacker gains more access or control over a system than they are supposed to have.
Term 392
Privileged access is a special level of permission that allows a user or system to perform high-impact actions like installing software, changing system settings, or accessing sensitive data across an IT environment.
Term 393
Privileged access management is a cybersecurity practice that controls and monitors the elevated access rights of users who have special permissions to critical systems and data.
Term 394
A documented set of step-by-step instructions for performing a specific task or handling a particular situation in an IT environment.
Term 395
Provisioning is the process of setting up and configuring IT resources, such as user accounts, devices, or network services, so they are ready for use.
Term 396
A proxy is an intermediary server that sits between a client and a destination server, forwarding requests and responses while providing security, privacy, and control.
Term 397
A pre-shared key (PSK) is a secret string of characters shared in advance between two parties to authenticate and encrypt wireless or VPN communications.
Term 398
A globally unique IP address assigned to a device that allows it to communicate directly over the internet.
Term 399
Public Key Infrastructure is a system of policies, roles, hardware, and software that manages digital certificates and public-key encryption to secure communications and verify identities online.
Term 400
A public subnet is a segment of a cloud Virtual Private Cloud (VPC) or traditional network that has a direct route to the internet via an Internet Gateway, allowing resources within it to send and receive traffic from the public internet.
Term 401
A purple team is a collaborative approach in cybersecurity where the offensive (red) and defensive (blue) teams work together to improve an organization's security posture by sharing insights and tactics.
Term 402
Qualitative risk analysis is a subjective, scenario-based approach to prioritizing information security risks by evaluating their likelihood and potential impact using predefined scales rather than numerical calculations.
Term 403
A quality update policy is a set of rules and schedules that IT administrators use to control which Windows updates are deployed to devices to ensure stability, security, and compatibility.
Term 404
Quantitative risk analysis is a structured process that uses numerical data and statistical methods to calculate the potential financial impact of risks on an organization's assets and projects.
Term 405
Quantum computing is a type of computation that uses quantum bits (qubits) and principles of quantum mechanics to process information in ways that classical computers cannot.
Term 406
Radio Frequency Identification (RFID) is a wireless technology that uses radio waves to automatically identify and track tags attached to objects, people, or animals without requiring direct line-of-sight.
Term 407
RADIUS is a network protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service.
Term 408
A rainbow table is a precomputed list of password hashes used to reverse weak passwords quickly without guessing each one live.
Term 409
Ransomware is a type of malicious software that encrypts a victim's files or locks them out of their system, demanding payment, usually in cryptocurrency, to restore access.
Term 410
RBAC is a method of restricting network access based on the roles of individual users within an organization, where permissions are assigned to roles rather than to individuals directly.
Term 411
Read-access geo-redundant storage (RA-GRS) is a cloud storage replication option that maintains three synchronous copies in one primary region and three asynchronous copies in a secondary region, while allowing read access to the secondary copy even during normal operations.
Term 412
Recovery point objective (RPO) is the maximum acceptable amount of data loss measured in time, determining how frequently backups must be taken.
Term 413
Recovery time objective (RTO) is the maximum acceptable time that an IT system can be offline after a failure before the business is severely impacted.
Term 414
A red team is a group of security professionals who simulate real-world attacks on an organization's systems, people, and facilities to test the effectiveness of its defenses.
Term 415
A refresh token is a special credential used to obtain new access tokens without requiring the user to re-authenticate, enabling long-lived sessions in modern identity systems.
Term 416
A remediation recommendation is a prioritized, actionable suggestion for fixing a security vulnerability, misconfiguration, or compliance gap identified during an assessment or scan.
Term 417
RADIUS is a network protocol that provides centralized authentication, authorization, and accounting for users trying to connect to a network service.
Term 418
Remote Desktop Protocol is a technology that lets you connect to and control another computer from a different location, as if you were sitting in front of it.
Term 419
Residual risk is the level of risk that remains after all security controls and countermeasures have been applied.
Term 420
A resource policy is a set of rules that controls who can access a specific cloud resource and what actions they can perform on it.