Term 481
Security kernel
The security kernel is the core, trusted part of an operating system that enforces access control and security policies for all system operations.
Acronym study
Terms 481–510 of 610 SY0-701 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 481
The security kernel is the core, trusted part of an operating system that enforces access control and security policies for all system operations.
Term 482
Security misconfiguration occurs when security settings are defined, implemented, or maintained incorrectly, leaving systems, applications, or networks vulnerable to unauthorized access or data breaches.
Term 483
A security model is a formal framework that defines how subjects (users, processes) can access objects (files, resources) based on rules, ensuring confidentiality, integrity, and availability.
Term 484
A Security Operations Center (SOC) is a centralized team and facility that monitors, detects, analyzes, and responds to cybersecurity incidents across an organization's IT environment 24/7.
Term 485
The Security pillar is a set of best practices for designing and operating cloud systems that protect data, systems, and assets through confidentiality, integrity, and availability controls.
Term 486
A security policy is a formal set of rules and guidelines that an organization establishes to protect its information assets and technology resources.
Term 487
An organization's overall cybersecurity strength, including policies, controls, and readiness to defend against and respond to threats.
Term 488
A security recommendation is a prescribed action, configuration, or update that aims to reduce risk and protect systems, data, and users from known threats or vulnerabilities.
Term 489
A security strategy is a high-level plan that outlines how an organization protects its information assets, aligns security with business goals, and manages risk over time.
Term 490
A security update is a software patch released to fix a vulnerability that could be exploited by attackers to compromise a system.
Term 491
A segment is a division of a larger network, such as a collision domain, broadcast domain, or a portion of a TCP data stream, used to organize traffic and improve performance.
Term 492
Sender Policy Framework (SPF) is an email authentication method that prevents spammers from sending emails that appear to come from your domain by listing which servers are allowed to send email for that domain.
Term 493
Serverless security is the practice of protecting applications that run on serverless computing platforms, where the cloud provider manages the infrastructure and the customer is responsible for securing the code, data, and access controls.
Term 494
A service account is a special type of account used by an application or a virtual machine, rather than a human user, to authenticate and interact with cloud services and APIs securely.
Term 495
A Service Control Policy (SCP) is a centralized governance tool in AWS Organizations that allows you to define and enforce maximum permissions for all accounts in an organization, acting as a security guardrail that limits what actions principals can perform.
Term 496
A session token is a unique identifier generated by a server that allows a user to remain authenticated without re-entering their credentials during a single browsing session.
Term 497
SFTP (Secure File Transfer Protocol) is a network protocol that provides secure file transfer over SSH, encrypting both commands and data.
Term 498
SHA-256 is a cryptographic hash function that takes any input data and produces a fixed 256-bit string of characters, like a unique digital fingerprint, used to verify data integrity and secure passwords.
Term 499
SHA-3 is the latest member of the Secure Hash Algorithm family, a standardized cryptographic hash function used to ensure data integrity and authenticity in IT systems.
Term 500
Shared access is a permission model where multiple users, systems, or services are granted common access rights to a resource such as a file, database, network drive, or cloud storage.
Term 501
A shared access signature (SAS) is a secure, time-limited URL that grants granular access to specific resources in cloud storage, allowing you to delegate permissions without sharing your account keys.
Term 502
A shared account is a user account that is used by multiple people instead of being assigned to a single individual.
Term 503
A Shared VPC allows multiple projects or accounts within a cloud environment to use the same Virtual Private Cloud (VPC) network, enabling centralized management and isolation of resources.
Term 504
Shift left security is the practice of integrating security testing and controls earlier in the software development lifecycle, rather than waiting until after deployment.
Term 505
A social engineering attack where an attacker observes a victim's screen or keyboard to steal passwords or sensitive information.
Term 506
SIEM (Security Information and Event Management) is a system that collects and analyzes log data from across an IT environment to detect and respond to security threats in real time.
Term 507
A SIEM query is a search command used in a Security Information and Event Management system to find, filter, and analyze security-related log data from across an organization's IT environment.
Term 508
A forged Kerberos service ticket that grants access to a specific service in a Windows domain without requiring the user's password.
Term 509
SMB is a network file-sharing protocol that allows applications to read, write, and request services from server programs in a computer network.
Term 510
Smishing is a social engineering attack that uses deceptive text messages to trick recipients into revealing sensitive information or installing malware.