Every IT certification exam tests vocabulary as much as it tests concepts. A term you can almost define costs marks — and confusing a subnet mask with a CIDR block, or a DR with an RTO, tells the exam software you're guessing. This glossary was built specifically to fix that.
Each of the 3,135 entries here is written for exam candidates, not for engineers who already know the material. You'll find a plain-English definition, a real-world example, the most common exam trap associated with the term, and a memory hook you can actually use on test day. Terms are tagged by exam so you can filter to exactly what you're studying.
Coverage spans CompTIA (A+, Network+, Security+, CySA+, PenTest+), Microsoft Azure (AZ-900 through AZ-400), AWS (CLF-C02, SAA-C03, DVA-C02), Cisco CCNA, ISC2 CISSP, and Google Cloud — all in one searchable index.
Hardware, networking, cybersecurity, and Linux fundamentals for A+, Network+, Security+, CySA+, and PenTest+.
Azure cloud services, identity, compliance, AI, and Microsoft 365 administration across AZ-900, AZ-104, SC-900, and more.
Amazon Web Services core services, architecture patterns, and operations for CLF-C02, SAA-C03, DVA-C02, and SOA-C02.
Routing, switching, VLANs, OSPF, STP, ACLs, and network fundamentals for the CCNA 200-301 exam.
Enterprise security management, risk, cryptography, and governance for CISSP and the ISC2 CC entry-level certification.
GCP infrastructure, Kubernetes, BigQuery, and cloud architecture for Google CDL, ACE, and Professional Cloud Architect.
/dev
/dev is a special directory in Unix-like operating systems that contains files representing every hardware device and virtual device connected to the system.
/etc/group
/etc/group is a system file on Linux/Unix that stores information about user groups, including group names, passwords (if any), group IDs, and their member lists.
/etc/hosts
A local text file on Unix-like operating systems that manually maps hostnames to IP addresses, overriding DNS for specified entries.
/etc/passwd
A system file on Unix-like operating systems that stores essential user account information, including usernames, user IDs, and default shell settings.
/etc/resolv.conf
/etc/resolv.conf is a configuration file on Linux and Unix-like systems that tells the computer which Domain Name System (DNS) servers to use when converting domain names like google.com into IP addresses.
/etc/shadow
The /etc/shadow file is a system file that stores encrypted user password hashes and related security data on Linux and Unix-like operating systems.
/proc
A virtual filesystem in Linux that provides real-time information about running processes and system resources.
/sys
/sys is a virtual filesystem in Linux (sysfs) that exposes kernel objects, devices, drivers, and system information as files and directories for user-space interaction.
2-in-1 laptop
A 2-in-1 laptop is a portable computer that can switch between a traditional laptop form and a tablet form, usually by detaching or rotating the keyboard.
24-pin motherboard connector
The 24-pin motherboard connector is the main power cable that connects the computer's power supply unit (PSU) to the motherboard, supplying electricity to the motherboard and its components.
2FA
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
32-bit File Allocation Table
32-bit File Allocation Table (FAT32) is a file system that organizes data on storage devices like hard drives and USB flash drives using a 32-bit addressing scheme to track where files are stored.
3D printer
A 3D printer is a device that creates physical objects by depositing layers of material based on a digital model.
8-pin CPU connector
The 8-pin CPU connector is a power cable from the power supply that delivers dedicated electricity to the processor on a computer's motherboard.
802.1Q
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
802.1X
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
802.1X Authentication
802.1X is a network access control protocol that prevents unauthorized devices from connecting to a wired or wireless network by requiring them to authenticate before gaining access.
A Address (DNS Record)
An A record is a DNS record that maps a domain name to the IPv4 address of the server hosting that domain.
A record
An A record is a type of DNS resource record that maps a domain name to an IPv4 address.
A/B testing
A/B testing is a controlled experiment that compares two versions of a single variable to determine which one performs better against a predefined metric.
AAA
AAA (Authentication, Authorization, and Accounting) is a security framework that controls who can access a network, what they are allowed to do, and tracks what they did.
AAA on Cisco Devices
AAA on Cisco devices is a security framework that controls who can access the network, what they can do, and keeps a record of their actions.
AAAA record
An AAAA record is a DNS record that maps a domain name to an IPv6 address, allowing devices to find each other over the internet using the newer IP addressing system.
ABAC
ABAC (Attribute-Based Access Control) is a method of controlling access to resources by evaluating a set of attributes (such as user role, time, location, and device) against policy rules, rather than using static roles or identities.
ABR
An Area Border Router is an OSPF router that connects multiple OSPF areas, including the backbone area, and exchanges routing information between them.
Acceptable use policy
An acceptable use policy is a set of rules that an organization creates to define how employees and other users may use its computer systems, networks, and data.
Accepted domain
An accepted domain in Microsoft 365 is any SMTP domain for which the organization can send and receive email messages.
Access control
Access control is the security practice of determining who or what is allowed to view, use, or enter a resource, and under what conditions.
Access Control List
An Access Control List is a set of rules that decides which traffic is allowed or denied entry to a network or device.
Access key
An access key is a unique identifier and secret code pair used to authenticate requests to cloud storage services, ensuring only authorized users or applications can access data.
Access Point
An access point is a device that creates a wireless local area network, usually by connecting to a wired network and broadcasting a Wi-Fi signal for computers, phones, and tablets to join.
Access port
An access port is a switch port that connects to a single end device, like a computer or printer, and carries traffic for only one VLAN.
Access review
An access review is a periodic audit process where administrators check and confirm which users have permissions to what resources, ensuring only authorized people retain access.
Access token
A digital key that a computer system gives you to prove your identity and grant you permission to access specific resources or perform actions.
Access Transparency
Access Transparency is the practice of logging and monitoring all access requests to cloud service provider infrastructure by the provider's personnel, giving customers visibility into who accessed their data and when.
Account lifecycle
The account lifecycle is the complete process of creating, managing, maintaining, and eventually removing a user account in an IT system.
Account lockout
Account lockout is a security feature that temporarily disables a user account after a set number of failed login attempts to prevent unauthorized access.
Accountability
Accountability is the security principle that ensures actions and identity are linked so that a person or system can be held responsible for their activities.
Accounting
Accounting in IT identity and access management is the process of tracking and logging what authenticated users do on a system or network.
ACL
An Access Control List is a set of rules that determines who or what can access specific network resources or data.
ACL for Routing Protocols
An ACL for Routing Protocols is a set of rules used to filter routing updates between routers, controlling which network routes are advertised or accepted to improve security and stability.
Action group
An Action group is a collection of notification and automation settings that defines how an Azure Monitor alert responds when triggered, such as who gets emailed, which phone numbers get called, or which automated tasks run.
Active reconnaissance
Active reconnaissance is the process of directly interacting with a target system or network to gather information, often through scanning and probing.
Active-active
Active-active is a high-availability architecture where two or more nodes run workloads simultaneously and share the load, ensuring continuous service even if one node fails.
Active-passive
Active-passive is a high-availability architecture where one system handles all active workloads while an identical passive system remains on standby, ready to take over if the active system fails.
Activity log
An activity log is a record of all operations performed on Azure resources, capturing who did what, when, and where, for auditing and troubleshooting purposes.
Address Resolution Protocol
Address Resolution Protocol (ARP) is a network protocol that maps a device's IP address to its physical MAC address so data can travel across a local network.
Administrative control
An administrative control is a policy, procedure, or guideline designed to manage and reduce security risk through people and processes rather than technology alone.
Administrative distance
Administrative distance is a number that a router uses to decide which routing protocol's route to trust when it learns about the same destination from multiple different routing protocols.
Administrative Distance Manipulation
Administrative distance manipulation is the practice of changing the trustworthiness value that a router uses to choose between different routing protocols when more than one provides a route to the same destination.
Administrative role
An administrative role is a predefined or custom set of permissions in Microsoft 365 that controls what tasks a person can perform in the tenant, such as managing users, resetting passwords, or overseeing security settings.
Administrative template
An administrative template is a file used by Windows group policy to control registry-based settings for applications and the operating system, allowing administrators to enforce configuration policies across a network.
Administrative unit
An Administrative unit is a container in Microsoft Entra ID that allows you to delegate administrative permissions over a subset of users, groups, or devices, rather than the entire directory.
Admission Controllers
Admission controllers are plugins that intercept and process requests to the Kubernetes API server after authentication and authorization, but before the request is persisted, allowing policies to be enforced on objects being created, modified, or deleted.
Advanced Encryption Standard
Advanced Encryption Standard (AES) is a widely used symmetric encryption algorithm that protects electronic data by converting readable information into a scrambled format that can only be unscrambled with the correct secret key.
Advanced Micro Devices
Advanced Micro Devices (AMD) is a company that designs and manufactures central processing units (CPUs), graphics processing units (GPUs), and other computer hardware components used in personal computers, servers, and embedded systems.
Advanced RISC Machine
Advanced RISC Machine (ARM) is a family of energy-efficient processor architectures based on reduced instruction set computing, widely used in mobile devices, embedded systems, and increasingly in servers and laptops.
Advanced Technology Extended
Advanced Technology Extended (ATX) is a motherboard form factor specification that defines the physical dimensions, mounting points, power connector layout, and cooling requirements for desktop computer systems.
Adversary simulation
A cybersecurity exercise where a team mimics the tactics, techniques, and procedures of a real attacker to test an organization's defenses without causing actual harm.
Adware
Adware is software that automatically displays or downloads unwanted advertisements, often bundled with free programs, and may track user behavior without clear consent.
AES
AES is a fast and secure encryption standard used worldwide to protect sensitive data by scrambling it so only authorized parties can read it.
Agent
An agent is a software component that runs on a local machine to perform automated tasks, collect data, or execute commands as part of a larger system like CI/CD or monitoring.
Agile Framework
An Agile Framework is a set of principles and practices for managing projects by delivering work in small, iterative cycles, allowing teams to adapt quickly to changing requirements and customer feedback.
AH
AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.
AH
AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.
AI for Network Operations
AI for Network Operations uses artificial intelligence to automate, monitor, and troubleshoot computer networks, reducing manual work and improving reliability.
Aircrack-ng
Aircrack-ng is a suite of wireless network security tools used to capture packets, monitor networks, and crack WEP and WPA-PSK keys for penetration testing and security auditing.
Airplane mode
Airplane mode is a mobile device setting that disables wireless communication functions like cellular, Wi-Fi, and Bluetooth to prevent interference with aircraft systems.
AirPrint
AirPrint is Apple's built-in technology that lets you print wirelessly from any Apple device to a compatible printer without installing any extra drivers or software.
AKS
Azure Kubernetes Service (AKS) is a managed container orchestration service on Microsoft Azure that simplifies deploying, managing, and scaling containerized applications using Kubernetes.
ALB
An Application Load Balancer is a managed network service that distributes incoming web traffic across multiple target servers based on the content of the request, such as the URL path or HTTP headers.
ALE
ALE (Annualized Loss Expectancy) is a risk management formula that estimates the yearly monetary loss from a specific threat to an asset.
Alert
An alert is a notification that something unusual or potentially harmful has happened in a computer system or network.
Alert fatigue
Alert fatigue is the desensitization and overwhelming feeling security analysts experience when they receive so many security alerts that they begin to ignore or miss them.
Alert rule
An alert rule is a set of conditions and actions that trigger a notification when a monitored metric or log reaches a predefined threshold.
Alerting policy
An alerting policy is a set of rules that defines when to send notifications about a system condition that needs attention.
Algorithm
An algorithm is a step-by-step set of instructions designed to solve a problem or complete a task.
Alias record
An Alias record is a DNS record type that maps a hostname to another hostname, seamlessly routing traffic to AWS resources like load balancers or CloudFront distributions.
Allowed VLANs
Allowed VLANs are the specific VLANs whose traffic is permitted to pass over a specific trunk link between switches, acting as an access control filter for VLAN traffic on a port.
AlloyDB
AlloyDB is a fully managed, PostgreSQL-compatible database service from Google Cloud designed for high performance, scalability, and reliability for transactional and analytical workloads.
Alternate port
An alternate port is a switch port that offers a backup path to the root bridge in a Spanning Tree Protocol network, remaining blocked until the primary path fails.
Amazon CloudWatch
Amazon CloudWatch is a monitoring service for AWS resources and applications that collects metrics, logs, and events to help you observe and troubleshoot your cloud infrastructure.
Amazon EC2
Amazon EC2 is a web service that lets you rent virtual computers in the cloud to run your own applications and workloads.
Amazon EFS
Amazon Elastic File System (EFS) is a scalable, fully managed cloud file storage service that can be accessed by multiple Amazon EC2 instances concurrently using the NFS protocol.
Amazon FSx
Amazon FSx is a fully managed service that makes it easy to launch, run, and scale feature-rich, high-performance file systems in the cloud, supporting popular file systems like Windows File Server and Lustre.
AMI
An Amazon Machine Image (AMI) is a pre-configured template used to launch virtual servers (EC2 instances) in Amazon Web Services, including the operating system, software, and settings.
anacron
Anacron is a tool that runs scheduled tasks on computers that are not always turned on, ensuring they still get executed even if the computer was off at the scheduled time.
Analysis
In incident response, analysis is the process of examining data and events to determine what happened, how it happened, and what actions to take.
Analytical data
Analytical data is information that has been cleaned, structured, and optimized for querying and reporting to support business decision-making.
Android
Android is an open-source operating system used primarily on mobile devices like smartphones and tablets, developed by Google.
Anonymization
Anonymization is the process of removing or altering personally identifiable information so that an individual cannot be identified, directly or indirectly, from the remaining data.
Ansible
Ansible is an open-source automation tool that IT professionals use to configure systems, deploy software, and manage infrastructure without needing to install agent software on every managed machine.
Ansible for Network Automation
Ansible for Network Automation is an open-source tool that allows network engineers to automate the configuration, management, and deployment of network devices like routers and switches using simple text files instead of manual commands.
Anthos
Anthos is a Google Cloud platform that lets you run applications consistently across different computing environments, like on-premises data centers and multiple public clouds.
Anthos Config Management
Anthos Config Management is a Google Cloud tool that helps IT teams manage and enforce configurations across multiple Kubernetes clusters from a single source of truth.
Anti-malware
Anti-malware is software that detects, prevents, and removes malicious software from computers, networks, and devices.
Anti-malware policy
An anti-malware policy is a set of rules and procedures that an organization enforces to prevent, detect, and remove malicious software from its computers and networks.
Anti-phishing policy
An anti-phishing policy is a set of rules and technical controls that organizations use to detect, block, and respond to email or message-based attacks that trick users into revealing sensitive information.
Anti-spam policy
An anti-spam policy is a set of rules and filters used by email systems to automatically detect and block unwanted, unsolicited, or harmful messages before they reach a user's inbox.
Antivirus
Antivirus is software that detects, prevents, and removes malicious software (malware) from a computer or network.
Anything As A Service
A model where you rent any IT resource or service over the internet instead of owning it.
AP
An AP (Access Point) bridges wireless clients to a wired network, acting as a central transceiver and controller for Wi-Fi communications.
APFS
APFS (Apple File System) is a modern file system designed by Apple for solid-state drives and flash storage, offering improved performance, encryption, and space sharing across macOS, iOS, and other Apple devices.
API
An API is a set of rules that allows software applications to communicate and exchange data with each other.
API endpoint
An API endpoint is a specific URL address that a client uses to communicate with a server to send or receive data in a structured way.
API Gateway
An API Gateway is a managed service that acts as a single entry point for client applications to access backend services, handling request routing, authentication, rate limiting, and protocol translation.
API key
An API key is a unique identifier that authenticates a user or application when calling an API, controlling access and tracking usage.
API Management
API Management is a service that acts as a front door for application programming interfaces, controlling access, monitoring usage, and enforcing security policies.
API security
API security is the practice of protecting application programming interfaces from attacks by ensuring only authorized users and applications can access data and functions.
API Server Security
API Server Security refers to the practices, configurations, and controls that protect the Kubernetes API server from unauthorized access, data breaches, and malicious attacks.
Apigee
Apigee is a Google Cloud platform for designing, securing, and analyzing APIs that connect applications and services.
APIPA
APIPA is a Windows feature that automatically assigns a private IP address (169.254.x.x) to a device when a DHCP server is unavailable, allowing limited local network communication.
App deployment
App deployment is the process of making a software application available for use by end users, often involving distribution, installation, configuration, and updates across multiple devices or servers.
App Engine
App Engine is a fully managed serverless platform from Google Cloud that lets developers build and deploy applications without worrying about the underlying infrastructure.
App protection policy
An app protection policy is a set of rules that controls how data is handled and secured within mobile applications, ensuring corporate information stays safe even on personal devices.
App Runner
AWS App Runner is a fully managed container service that lets you deploy web applications and APIs directly from source code or a container image without managing the underlying infrastructure.
App Service plan
An App Service plan is a set of compute resources that defines the infrastructure, pricing tier, and scaling capabilities for one or more Azure App Service applications.
AppArmor
AppArmor is a Linux kernel security module that restricts programs to a predefined set of resources using mandatory access control (MAC) policies.
AppArmor Profiles
AppArmor Profiles are security policies that restrict the system resources and actions a program can access, acting like a permission badge for software.
Apple File System
Apple File System (APFS) is a modern file system designed by Apple for macOS, iOS, and other Apple devices, optimized for flash storage and strong encryption.
Application Control
Application Control is a security feature in Windows that allows administrators to specify exactly which applications are allowed to run on a device, blocking everything else by default.
Application crash
An application crash is when a software program stops working unexpectedly and either closes, freezes, or becomes unresponsive.
Application Crash Troubleshooting
Application crash troubleshooting is the systematic process of identifying why a software program stops working, preventing data loss, and restoring normal function.
Application Default Credentials
Application Default Credentials (ADC) is a built-in Google Cloud mechanism that automatically finds and provides the right credentials for your application to authenticate to Google Cloud services without hardcoding secrets.
Application deployment
Application deployment is the process of making a software application available for use, typically by installing, configuring, and activating it on target devices or servers.
Application Gateway
An Application Gateway is a network device or cloud service that manages and secures traffic between users and web applications by applying rules, routing requests, and offloading tasks like SSL encryption.
Application Gateway Design
Application Gateway Design is the process of planning and configuring a layer 7 load balancer in Azure that routes web traffic based on URL paths, hostnames, or other HTTP rules for secure, scalable, and high-performance application delivery.
Application Insights
Application Insights is an Azure monitoring service that helps developers detect, diagnose, and understand issues in live web applications by collecting telemetry data like requests, exceptions, and performance counters.
Application Load Balancer
An Application Load Balancer is a cloud service that automatically distributes incoming web traffic across multiple servers to keep applications fast and reliable.
Application Programming Interface
A set of rules and tools that allows one software program to talk to another, like a messenger between applications.
Application Security Group
An Application Security Group (ASG) is a cloud networking feature that groups virtual machines logically and allows you to apply security rules based on the application workload, rather than individual IP addresses.
AppLocker
AppLocker is a Windows security feature that helps IT administrators control which applications and files users are allowed to run on their computers.
Approval gate
An approval gate is a checkpoint in an Azure DevOps release pipeline where a pipeline run pauses until a designated team or person manually approves or rejects the deployment.
apt
APT (Advanced Package Tool) is a command-line utility used in Debian-based Linux distributions to install, update, remove, and manage software packages from repositories.
apt-get
apt-get is a command-line tool used in Debian-based Linux distributions to install, update, and remove software packages.
Archive tier
Archive tier is an ultra-low-cost Azure Blob Storage access tier designed for long-term retention of data that is rarely accessed and can tolerate hours of retrieval latency.
Area 0
Area 0 is the backbone area in OSPF routing that connects all other OSPF areas to ensure a loop-free and efficient network routing topology.
ARM
ARM stands for Azure Resource Manager, the management layer that enables you to create, update, and delete resources in your Azure account.
ARM template
An ARM template is a JSON file that defines the infrastructure and configuration for Azure resources, enabling repeatable and consistent deployments.
ARO
ARO stands for Annualized Rate of Occurrence, a number that estimates how often a specific threat or risk event is expected to happen in a single year.
ARP
Address Resolution Protocol (ARP) is a network protocol used to map a device's IP address to its physical MAC address so data can be delivered correctly on a local network.
ARP poisoning
ARP poisoning is a network attack where an attacker sends fake Address Resolution Protocol messages to link their MAC address with a legitimate IP address, enabling them to intercept, modify, or stop data on a local network.
ARP reply
An ARP reply is a network response sent by a device to answer an ARP request, providing its MAC address so the requesting device can map an IP address to a physical hardware address on a local network.
ARP request
An ARP request is a network broadcast message sent by a device to discover the hardware (MAC) address of another device on the same local network given its IP address.
ARP table
An ARP table is a data structure stored on a network device that maps IP addresses to their corresponding MAC addresses, enabling communication within a local network.
Artifact
An artifact is any file or package produced during the software development process that is used to deploy, test, or run an application.
Artifact Registry
Artifact Registry is a managed service for storing, managing, and securing container images and other software packages in a centralized repository.
Artificial intelligence
Artificial intelligence is the simulation of human intelligence processes by computer systems, enabling machines to learn, reason, and make decisions.
ASG
An Availability Set is a logical grouping of virtual machines in Azure that helps ensure high availability by distributing VMs across different physical hardware within a datacenter.
Asset
In IT and cybersecurity, an asset is anything valuable that an organization owns or controls, including data, hardware, software, people, and intellectual property.
Asset inventory
An asset inventory is a comprehensive, up-to-date list of all hardware and software assets within an organization, used to identify vulnerabilities and manage security risks.
Asset management
Asset management is the process of tracking and maintaining all the hardware and software items a company owns throughout their entire life cycle.
Asset valuation
Asset valuation is the process of determining the financial worth of an organization's information assets, often used to prioritize security controls and allocate protection resources effectively.
Assigned license
An assigned license is a software or service license that has been specifically allocated to a particular user or device, granting that entity the right to use the licensed product.
Assume breach
Assume breach is a security mindset where an organization operates as if attackers have already compromised their network, shifting focus to rapid detection, containment, and damage limitation rather than only prevention.
Assured Workloads
Assured Workloads is a set of cloud security controls that help organizations run sensitive workloads in a trusted, verified environment on Google Cloud.
Asymmetric encryption
Asymmetric encryption is a cryptographic method that uses a pair of keys—a public key for encryption and a private key for decryption—to securely exchange data without sharing a secret.
at
The 'at' command schedules a one-time task to run at a specified future time on a Linux or Unix system.
Attack chain
The attack chain (or kill chain) is a model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.
Attack simulation training
Attack simulation training is a Microsoft 365 security tool that lets IT administrators run realistic phishing and password-attack campaigns against their own users to identify vulnerabilities and improve security awareness.
Attack surface
The attack surface is the total sum of all points in a system, network, or application where an unauthorized user can try to enter or extract data.
Attack surface management
Attack surface management is the continuous process of identifying, monitoring, and reducing all the possible entry points an attacker could use to break into an organization's IT systems.
Attack surface reduction
Attack surface reduction is a set of security practices that minimizes the number of ways an attacker can access or exploit a system by removing unnecessary features, locking down configurations, and controlling software behavior.
Attack vector
An attack vector is the specific path or method a cyber attacker uses to gain unauthorized access to a computer system or network.
Attestation of findings
Attestation of findings is the formal process where an auditor or assessor confirms that the results of a security or compliance evaluation are accurate, complete, and trustworthy.
ATX
ATX is a standard specification for the physical layout, power supply, and connectors inside a desktop computer case and motherboard.
Audio Processing Unit
An Audio Processing Unit (APU) is a dedicated processor designed specifically to handle all sound-related tasks in a computer or device, freeing up the main CPU for other work.
Audit
An audit is a systematic, independent review of IT systems, processes, and controls to verify compliance with policies, standards, and regulations.
Audit log
An audit log is a chronological record of security-relevant events and user activities within a system, used for monitoring, compliance, and forensic analysis.
Audit Logging
Audit logging is the process of recording a chronological, tamper-evident trail of who did what, when, and where inside a computer system or network.
Audit trail
An audit trail is a chronological record of events, changes, or activities in a system that provides evidence of who did what, when, and from where.
AUP
An Acceptable Use Policy (AUP) is a set of rules that define how users are allowed to access and use a company's network, devices, and internet connection.
Aurora
Amazon Aurora is a fully managed relational database engine from AWS that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases like MySQL and PostgreSQL.
Aurora Serverless
Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora that automatically starts, scales, and stops database capacity based on your application's needs.
Authenticated scan
An authenticated scan is a vulnerability scan that uses valid credentials to log into a system and examine it from the inside, providing a more thorough assessment of security weaknesses than an unauthenticated scan.
Authentication
Authentication is the process of verifying that someone or something is who or what it claims to be before granting access to a system or resource.
Authentication Authorization and Accounting
Authentication, Authorization, and Accounting (AAA) is a security framework that controls who can access a network or system, what they are allowed to do, and tracks what they actually did.
Authentication factor
An authentication factor is a piece of evidence used to verify that you are who you claim to be when logging into a system.
Authentication log
An authentication log is a record of all attempts to verify a user's identity when accessing a system, including successes, failures, and associated metadata.
Authentication strength
Authentication strength is a measure of how resistant a login process is to unauthorized access, combining the type, number, and quality of credentials required.
Authenticator app
An authenticator app is a software application on your phone or computer that generates temporary codes used to prove your identity when logging into online accounts.
Authorization
Authorization determines what an authenticated user is allowed to do within a system, such as accessing files, running programs, or changing settings.
authorized_keys
A file on a server that stores the public keys of users who are allowed to log in without a password using SSH key-based authentication.
Auto Scaling group
An Auto Scaling group is a logical collection of EC2 instances that automatically adjusts the number of instances based on demand, ensuring availability and cost efficiency.
Auto-negotiation
Auto-negotiation is an Ethernet feature that allows two connected devices to automatically agree on the best possible speed and duplex mode for their link.
Automatic Document Feeder
An Automatic Document Feeder (ADF) is a hardware component in scanners, printers, and copiers that automatically feeds multiple pages of a document for scanning or copying without manual intervention.
Automatic Private Internet Protocol Addressing
A fallback method used by a device to automatically assign itself an IP address when it cannot obtain one from a DHCP server.
AutoML
Automated Machine Learning (AutoML) is a set of tools and techniques that automate the process of building, training, and tuning machine learning models without requiring deep expertise in data science.
Autonomous System
An Autonomous System (AS) is a large network or group of networks under a single administrative control that presents a unified routing policy to the internet.
Autopilot
Autopilot is a Microsoft cloud-based deployment technology that automates the setup and configuration of new Windows devices, reducing manual IT effort and enabling users to be productive from the first boot.
Autopilot profile
An Autopilot profile is a collection of configuration settings that dictates how a new Windows device will be set up and delivered to an end user with minimal IT intervention.
Autopilot Reset
Autopilot Reset is a Windows feature that allows IT administrators to quickly remove a user's personal files, settings, and apps from a managed device, returning it to a ready-to-use, business-ready state without needing to reinstall the operating system.
Autopsy Tool
An open-source digital forensics platform used to analyze hard drives, recover deleted files, and uncover evidence from computers and storage media.
Autoscaler
An Autoscaler is a cloud service that automatically increases or decreases the number of virtual machines (instances) or resources based on real-time demand, so your application always has enough capacity without wasting money on idle servers.
Availability
Availability is the measure of how often a system or service is operational and accessible when needed, typically expressed as a percentage of uptime.
Availability management
Availability management is the practice of ensuring that IT services and systems are operational and accessible when users need them.
Availability set
An Availability set is a cloud computing feature that groups virtual machines across multiple fault domains and update domains to ensure high availability during hardware failures or planned maintenance.
Availability zone
An Availability Zone is a distinct, isolated location within a cloud region that contains its own power, cooling, and networking, designed to protect applications from single points of failure.
awk
Awk is a scripting language used for pattern scanning and text processing, commonly used in Unix and Linux environments to extract and manipulate data from files or command output.
AWS Audit Manager
AWS Audit Manager is a service that automatically collects evidence from your AWS accounts to help you prove that you are following security and compliance rules, making audits easier and faster.
AWS Backup
AWS Backup is a fully managed service that centralizes and automates data backups across multiple AWS services, enabling you to define backup policies, monitor activity, and restore data from a single dashboard.
AWS Budgets
AWS Budgets is a cost management tool that lets you set spending limits and receive alerts when your AWS usage and costs approach or exceed those limits.
AWS CLI
The AWS Command Line Interface is a unified tool that lets you manage Amazon Web Services from a terminal or command prompt by typing commands instead of using the graphical console.
AWS Cloud
AWS Cloud is a comprehensive on-demand cloud computing platform provided by Amazon that offers a wide range of services including computing power, storage, and databases, allowing businesses to scale and innovate without managing physical hardware.
AWS CloudFormation
AWS CloudFormation is a service that lets you define and provision AWS infrastructure using code, so you can launch and manage resources consistently and predictably.
AWS CloudTrail
AWS CloudTrail is a service that records every action taken in your AWS account, like a security camera that logs who did what and when.
AWS Config
AWS Config is a service that continuously records, evaluates, and reports on changes to your AWS resources so you can maintain a secure and compliant infrastructure.
AWS Config Rules
AWS Config Rules are customizable, automated checks that continuously evaluate your AWS resource configurations against desired compliance or security policies and alert you when a resource is noncompliant.
AWS Firewall Manager
AWS Firewall Manager is a centralized security management service that lets you configure and enforce firewall rules across all accounts and resources in your AWS organization from a single place.
AWS Health
AWS Health is a service that provides ongoing visibility into the status of your AWS resources, services, and accounts, delivering alerts and remediation guidance when issues occur.
AWS OpsWorks
AWS OpsWorks is a configuration management service that uses Chef and Puppet to automate how servers are configured, deployed, and managed across Amazon EC2 instances and on-premises environments.
AWS Organizations
AWS Organizations is a free service that lets you centrally manage multiple AWS accounts, apply security policies, and control billing across your entire cloud environment.
AWS SDK
The AWS SDK is a set of libraries and tools that developers use to interact with Amazon Web Services from their programming language of choice.
AWS Shield
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS from attacks that try to overwhelm them with traffic.
AWS SSO
AWS SSO is a cloud-based service that lets you sign in once (single sign-on) to access multiple AWS accounts and business applications from one central place.
AWS Support plan
AWS Support plans are tiered service packages that provide varying levels of technical support, guidance, and response times for AWS cloud environments.
AWS Systems Manager
AWS Systems Manager is a management service that helps you view and control your AWS infrastructure, automate operational tasks, and maintain security and compliance across your cloud and on-premises resources.
AWS WAF
AWS WAF is a cloud-based web application firewall that helps protect your web applications from common web exploits like SQL injection and cross-site scripting by allowing you to define customizable rules.
AWS X-Ray
AWS X-Ray is a service that traces and analyzes requests as they travel through your distributed application, helping you identify performance bottlenecks and debug errors.
AzCopy
AzCopy is a command-line utility used to copy, move, and synchronize data to and from Azure storage accounts with efficient performance and scripting capabilities.
Azure Active Directory
Azure Active Directory is Microsoft's cloud-based identity and access management service that lets employees sign in and access resources both in the cloud and on-premises.
Azure AD B2C
Azure AD B2C is a cloud identity service that lets you customize and control how your customers sign up, sign in, and manage their profiles when using your applications.
Azure AD Connect
Azure AD Connect is a Microsoft tool that synchronizes on-premises Active Directory identities with Azure Active Directory for unified cloud and on-premises access.
Azure AD Design
Azure AD Design is the process of planning how to organize users, groups, permissions, and authentication methods in Microsoft Entra ID to meet security, compliance, and business needs for cloud and hybrid environments.
Azure Advisor
Azure Advisor is a free, personalized cloud consultant that continuously analyzes your Azure resources and provides best practice recommendations to optimize for reliability, security, performance, operational excellence, and cost.
Azure AI Language
Azure AI Language is a cloud-based service from Microsoft that uses natural language processing to understand, analyze, and generate human language for applications.
Azure AI Search
Azure AI Search is a cloud search service that uses artificial intelligence to index and search through large amounts of data, returning relevant results that feel as smart as a Google search.
Azure AI Services
Azure AI Services is a collection of pre-built, cloud-based artificial intelligence APIs and services that allow developers and IT professionals to integrate capabilities like vision, speech, language, and decision-making into applications without needing deep machine learning expertise.
Azure AI Speech
Azure AI Speech is a cloud service from Microsoft that converts spoken audio into text, text into lifelike speech, and enables real-time voice translation and speaker recognition.
Azure AI Translator
Azure AI Translator is a cloud-based service that uses neural machine translation to convert text between languages while preserving meaning and context.
Azure AI Vision
Azure AI Vision is a cloud-based service from Microsoft that uses pre-built machine learning models to extract information from images and videos, such as objects, text, faces, and scene descriptions.
Azure App Configuration
Azure App Configuration is a managed Azure service that stores and manages application settings and feature flags separately from your code, allowing you to update them without redeploying or restarting your application.
Azure App Service
Azure App Service is a fully managed platform for building, deploying, and scaling web applications and APIs without managing the underlying infrastructure.
Azure App Service Authentication
Azure App Service Authentication is a built-in feature that allows web apps, mobile backends, and API apps to authenticate users without requiring custom code from the developer.
Azure App Service Plans
An Azure App Service Plan defines the compute resources, pricing tier, scaling capabilities, and region for one or more web apps, API apps, mobile app backends, or Azure Functions hosted in Azure App Service.
Azure App Service Scaling
Azure App Service Scaling is the ability to automatically or manually adjust the number of computing resources allocated to a web app hosted on Azure App Service to handle changes in traffic demand.
Azure Application Gateway
Azure Application Gateway is a cloud-based web traffic load balancer that manages and protects HTTP and HTTPS requests to web applications based on their URL paths and other routing rules.
Azure Arc
Azure Arc is a Microsoft service that lets you manage servers, Kubernetes clusters, and databases running outside of Azure as if they were native Azure resources.
Azure Artifacts
Azure Artifacts is a service within Azure DevOps that allows teams to create, host, and share packages like NuGet, npm, Maven, and Python, making software dependencies easier to manage across projects.
Azure Automation
Azure Automation is a cloud-based service that lets you automatically create, deploy, monitor, and maintain resources in your Microsoft Azure environment using runbooks and configuration management.
Azure Backup
Azure Backup is a cloud-based service from Microsoft that protects your data by creating and storing backups of files, folders, virtual machines, databases, and entire servers in the Azure cloud.
Azure Backup Design
Azure Backup Design is the process of planning and configuring a reliable, cost-effective, and secure backup and recovery solution for workloads hosted in Microsoft Azure.
Azure Bastion
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH connectivity to virtual machines directly through the Azure portal without exposing public IP addresses.
Azure Blob Storage Tiers
Azure Blob Storage Tiers are pricing and performance levels that let you store data in the most cost-effective way based on how often you access it.
Azure Boards
Azure Boards is a work tracking and project management service from Microsoft that helps teams plan, track, and discuss work across the software development lifecycle using Kanban boards, backlogs, and dashboards.
Azure Bot Service
Azure Bot Service is a Microsoft Azure cloud platform service for building, deploying, and managing intelligent, conversational chatbots that can interact with users across multiple channels like websites, apps, Microsoft Teams, and Facebook Messenger.
Azure Cache for Redis
Azure Cache for Redis is a fully managed in-memory data store based on the open-source Redis software that speeds up applications by temporarily storing frequently accessed data.
Azure CLI
Azure CLI is a command-line tool that lets you manage Azure resources by typing commands instead of clicking through a web portal.
Azure Cloud Shell
Azure Cloud Shell is a browser-accessible, authenticated command-line interface for managing Azure resources without needing a local terminal or software installation.
Azure Container Instances
Azure Container Instances (ACI) is a PaaS service that lets you run a container directly in Azure without managing any underlying servers or orchestration.
Azure Cosmos DB
Azure Cosmos DB is a fully managed, globally distributed NoSQL database service that offers fast reads and writes anywhere in the world with automatic scaling and multiple consistency models.
Azure Data Encryption
Azure Data Encryption is the process of scrambling data in Microsoft Azure so that only authorized people or systems can read it.
Azure Data Factory
Azure Data Factory is a cloud-based data integration service that lets you create, schedule, and orchestrate data pipelines to move and transform data from various sources to destinations.
Azure Data Lake Gen2
Azure Data Lake Gen2 is a cloud-based data storage service that combines the scalability and performance of a data lake with the hierarchical file system and security of a data warehouse, designed for big data analytics.
Azure Data Masking
Azure Data Masking is a security feature that hides sensitive data in database query results by replacing it with obscured characters, so unauthorized users see a blurred version instead of the real information.
Azure Data Storage Partitioning
Azure Data Storage Partitioning is the practice of dividing large datasets into smaller, manageable pieces called partitions to improve performance, scalability, and efficiency in cloud storage systems.
Azure Database for MySQL
Azure Database for MySQL is a fully managed relational database service in Microsoft Azure that runs the MySQL community edition and handles administration tasks automatically.
Azure Database for PostgreSQL
Azure Database for PostgreSQL is a fully managed, scalable relational database service in Microsoft Azure that runs the open-source PostgreSQL engine, handling backups, patching, and high availability for you.
Azure Database Migration
Azure Database Migration is the process of moving databases from on-premises servers or other cloud platforms to Azure’s cloud database services with minimal downtime and data loss.
Azure Databricks
Azure Databricks is a fast, easy, and collaborative Apache Spark-based analytics platform optimized for Azure that lets data teams prepare data, run machine learning models, and build data pipelines using a single workspace.
Azure datacenter
An Azure datacenter is a physical facility that houses Microsoft's cloud computing infrastructure, including servers, storage, and networking equipment, to deliver Azure services globally.
Azure DevOps
Azure DevOps is a Microsoft service that provides development tools for planning, building, testing, and deploying software applications using automated pipelines and collaboration features.
Azure DNS
Azure DNS is a cloud-based service that lets you host and manage your domain name system (DNS) records using Microsoft's global infrastructure, so your website or app can be reached by people using easy-to-remember names instead of IP addresses.
Azure DNS Design
Azure DNS Design is the process of planning and configuring the Domain Name System within Microsoft Azure to reliably resolve domain names to IP addresses for cloud resources and services.
Azure Event Grid
Azure Event Grid is a fully managed event routing service that allows applications and services to react to events in real time using a publish-subscribe model.
Azure Event Hubs
Azure Event Hubs is a cloud-based service that ingests and processes millions of events per second from devices, applications, and services in real time.
Azure ExpressRoute
Azure ExpressRoute is a dedicated, private, and high-speed network connection from your on-premises data center to Microsoft's cloud, bypassing the public internet for better reliability, security, and performance.
Azure File Sync
Azure File Sync is a Microsoft service that lets you centralize your file shares in Azure while keeping them accessible, fast, and editable on your local servers by caching frequently used files on-premises.
Azure Files
Azure Files is a cloud-based file sharing service that lets you create and access file shares using the Server Message Block (SMB) protocol or Network File System (NFS) protocol, just like you would access files on a local network drive.
Azure Files Shares
Azure Files Shares are fully managed cloud file shares that you can access from anywhere using standard industry protocols like SMB and NFS.
Azure Firewall
Azure Firewall is a cloud-based network security service that protects your virtual networks in Microsoft Azure by filtering traffic based on rules you define.
Azure Firewall Design
Azure Firewall Design is the process of planning and configuring a cloud-based network security service that controls and monitors traffic in and out of Azure virtual networks.
Azure Front Door
Azure Front Door is a global cloud load balancer and content delivery network that routes user traffic to the fastest and most available backend application across multiple regions.
Azure Functions
Azure Functions is a serverless compute service that lets you run event-driven code without managing infrastructure, automatically scaling to meet demand.
Azure Functions Bindings
Azure Functions Bindings are declarative connections that link your serverless function code to Azure services or external resources, handling input and output data automatically without writing extra networking or authentication code.
Azure Functions Triggers
Azure Functions triggers are events that cause a function (a small piece of code) to run automatically in the cloud.
Azure geography
Azure geography is a discrete market containing one or more Azure regions that preserves data residency and compliance boundaries for customers.
Azure IoT Hub
Azure IoT Hub is a managed cloud service that acts as a central message hub for bi-directional communication between IoT devices and the cloud.
Azure Key Vault
Azure Key Vault is a cloud service for securely storing and managing sensitive information like passwords, encryption keys, and certificates.
Azure Kubernetes Service
Azure Kubernetes Service is a managed container orchestration service that simplifies deploying, managing, and scaling containerized applications using Kubernetes on Microsoft Azure.
Azure Kubernetes Service Development
Azure Kubernetes Service Development is the practice of designing, building, and deploying containerized applications using Azure Kubernetes Service, a managed container orchestration platform in Microsoft Azure.
Azure Load Balancer
Azure Load Balancer is a cloud service that evenly distributes incoming network traffic across multiple virtual machines or resources to ensure reliability and high availability.
Azure Load Balancer Design
Azure Load Balancer Design is the process of planning and configuring a Layer 4 (TCP/UDP) load balancer in Microsoft Azure to distribute incoming network traffic across healthy virtual machines or services for high availability and scalability.
Azure Machine Learning
Azure Machine Learning is a cloud service for building, training, and deploying machine learning models at scale.
Azure Marketplace
Azure Marketplace is an online store where you can find, try, buy, and deploy software and services that work with Microsoft Azure.
Azure Monitor
Azure Monitor is a cloud service that collects, analyzes, and acts on telemetry data from your Azure and on-premises resources to help you understand performance and availability.
Azure Monitor Metrics
Azure Monitor Metrics is a feature of Azure Monitor that collects, stores, and analyzes numerical data from Azure resources to track performance, health, and usage over time.
Azure Networking Design
Azure Networking Design is the process of planning and configuring virtual networks, subnets, routing, and connectivity services in Microsoft Azure to securely connect cloud resources to each other and to on-premises networks.
Azure OpenAI Service
Azure OpenAI Service is a cloud platform from Microsoft that lets developers use powerful artificial intelligence models, like GPT-4, to build applications that can understand and generate human-like text, code, images, and more.
Azure Pipelines
Azure Pipelines is a cloud-based CI/CD service from Microsoft that automatically builds, tests, and deploys code to any platform or cloud.
Azure Policy
Azure Policy is a service in Microsoft Azure that lets you create, assign, and manage rules to ensure your resources stay compliant with your company standards and service-level agreements.
Azure Policy Design
Azure Policy Design is the practice of creating and organizing rules that enforce compliance and governance across resources in Microsoft Azure.
Azure portal
The Azure portal is a web-based, unified console that lets you build, manage, and monitor everything from simple web apps to complex cloud deployments using a graphical user interface.
Azure PowerShell
Azure PowerShell is a set of cmdlets (command-line tools) that let you manage Azure resources directly from the PowerShell command line or scripts.
Azure Pricing Calculator
The Azure Pricing Calculator is a free web-based tool from Microsoft that helps you estimate the cost of Azure cloud services by configuring resources like virtual machines, storage, and databases.
Azure Queue Storage
Azure Queue Storage is a cloud service for storing and retrieving large numbers of messages that can be accessed from anywhere, enabling asynchronous communication between application components.
Azure RBAC for Data
Azure RBAC for Data is a security system that controls who can read, write, or manage data in Azure storage services using role-based permissions.
Azure Relay
Azure Relay is a cloud service that securely exposes on-premises web services to the public internet or other cloud applications without opening firewall ports.
Azure Repos
Azure Repos is a set of version control tools that allow teams to manage their source code, track changes, and collaborate on software projects using Git or Team Foundation Version Control (TFVC) within the Microsoft Azure ecosystem.
Azure resource
An Azure resource is a manageable item available through Microsoft Azure, such as a virtual machine, database, or web app.
Azure Resource Manager
Azure Resource Manager (ARM) is the deployment and management service for Azure that provides a consistent management layer for creating, updating, and deleting resources in your Azure account.
Azure role
An Azure role is a set of permissions that defines what actions a user, group, or application can perform on specific Azure resources.
Azure Security Architecture
Azure Security Architecture is the structured design of security controls and practices within Microsoft Azure to protect data, applications, and networks.
Azure Sentinel
Azure Sentinel is Microsoft's cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) service that uses intelligent analytics to help protect an enterprise's entire digital estate.
Azure Service Bus
Azure Service Bus is a cloud-based message broker that allows applications, services, and devices to send and receive messages reliably, even when they are not all running at the same time.
Azure Service Health
Azure Service Health is a personalized dashboard that provides real-time information about the health of your Azure services, including current and past outages, planned maintenance, and advisory messages.
Azure Site Recovery
Azure Site Recovery is a Microsoft Azure service that keeps your business applications and data running by automatically replicating them to a secondary location and failing over if the primary site goes down.
Azure SQL Auditing
Azure SQL Auditing is a feature that tracks and records database events, such as data changes and logins, and writes them to an audit log for security monitoring and compliance.
Azure SQL Authentication
Azure SQL Authentication is the process of verifying a user's identity to access an Azure SQL database using either a username and password (SQL Authentication) or a Microsoft Entra ID (formerly Azure AD) identity.
Azure SQL Database
Azure SQL Database is a fully managed relational database-as-a-service (DBaaS) in Microsoft Azure, based on the SQL Server engine, that handles scaling, backups, patching, and high availability automatically.
Azure SQL Database Backup
Azure SQL Database Backup is a fully managed, automated service that creates and stores copies of your SQL database data and transaction logs in Azure storage, enabling point-in-time recovery and long-term retention for data protection and business continuity.
Azure SQL Database Deployment
Azure SQL Database Deployment is the process of creating and configuring a fully managed relational database in the Microsoft Azure cloud using SQL Server engine, without managing the underlying infrastructure.
Azure SQL Firewall Rules
Azure SQL Firewall Rules are security settings that control which IP addresses or Azure services are allowed to connect to a SQL database hosted in Microsoft Azure.
Azure SQL Indexes
Structures in Azure SQL Database that speed up data retrieval by providing quick access paths to rows, similar to a book index.
Azure SQL Managed Instance
Azure SQL Managed Instance is a fully managed cloud database service that gives you nearly all the features of Microsoft SQL Server on your own server, without you having to manage the hardware or operating system.
Azure SQL Performance Tuning
Azure SQL Performance Tuning is the process of optimizing the speed and efficiency of queries and database operations in Microsoft Azure SQL Database or SQL Managed Instance to reduce latency and improve throughput.
Azure SQL Threat Detection
Azure SQL Threat Detection is a built-in security feature that continuously monitors your Azure SQL database for suspicious activities and sends alerts when potential threats are found.
Azure Status
Azure Status is a service health dashboard that shows the current operational state of all Microsoft Azure cloud services and regions in real time.
Azure Storage
Azure Storage is Microsoft's cloud-based service for storing data like files, messages, and backups with high durability and scalability.
Azure Storage Design
Azure Storage Design is the process of planning how to store, organize, protect, and access data in Microsoft Azure so that it is fast, secure, and cost-effective.
Azure Storage Encryption
Azure Storage Encryption is the process of protecting data stored in Azure cloud storage by converting it into an unreadable format using encryption keys, ensuring only authorized parties can access it.
Azure Stream Analytics
Azure Stream Analytics is a fully managed, real-time data processing service that analyzes and transforms high volumes of streaming data from various sources to deliver low-latency insights and trigger actions.
Azure subscription
An Azure subscription is a logical container in Microsoft Azure that provides billing isolation and access boundaries for your cloud resources and services.
Azure Synapse Analytics
Azure Synapse Analytics is a cloud-based data integration, warehousing, and analytics service that brings together big data and data warehouse capabilities under one platform.
Azure Table Storage
Azure Table Storage is a NoSQL key-value data store in the cloud that lets you store and query large amounts of structured, non-relational data without needing a traditional database server.
Azure Table Storage Design
Azure Table Storage Design is the practice of structuring and organizing data tables in Azure’s NoSQL key-value store to ensure fast, scalable, and cost-efficient access for applications.
Azure Test Plans
Azure Test Plans is a service within Azure DevOps that provides a rich set of tools for manual and exploratory testing, including test case management, test execution, and stakeholder feedback, all integrated into the CI/CD pipeline.
Azure Traffic Manager
Azure Traffic Manager is a DNS-based traffic load balancer that directs incoming web traffic to the most appropriate endpoint based on performance, priority, geographic location, or a weighted distribution method.
Azure Virtual Desktop
Azure Virtual Desktop is a cloud-based desktop and application virtualization service that lets users access a full Windows desktop and business apps from anywhere, on any device.
Azure virtual machine
An Azure virtual machine is a software-based emulation of a physical computer that runs in Microsoft's cloud, allowing you to deploy and manage applications without owning the hardware.
Azure Virtual Network
Azure Virtual Network is a cloud service that lets you create a private, isolated network in the Microsoft Azure cloud, allowing your virtual machines and other resources to communicate securely with each other, the internet, and your on-premises network.
Azure Virtual Network Design
Azure Virtual Network Design is the process of planning and creating a private network in the Microsoft Azure cloud that allows your virtual machines and other resources to communicate securely with each other, the internet, and your on-premises data center.
Azure VPN Gateway
A cloud-based virtual private network gateway in Microsoft Azure that securely connects on-premises networks to Azure virtual networks over encrypted tunnels.
B2B collaboration
B2B collaboration is a feature in Microsoft Entra ID that lets organizations securely share access to their apps and resources with external business partners using their own identity systems.
B2C identity
B2C identity refers to an identity management system designed for businesses to manage and authenticate external consumers, such as customers or partners, across applications and services.
Backbone area
The backbone area (area 0) is the central routing area in an OSPF network that all other areas must connect to for inter-area communication.
Backlight
A backlight is a light source behind a liquid crystal display (LCD) that illuminates the screen so you can see the images and text.
Backlog
A backlog is a prioritized list of work items that a team needs to complete, used in Azure DevOps to plan and track software development tasks.
Backup
A backup is a copy of computer data taken and stored separately so that the original data can be restored if it is lost, damaged, or corrupted.
Backup and restore
Backup and restore is the process of creating copies of data or system state to protect against loss, and then using those copies to recover the original data or system after a failure or disaster.
Backup Designated Router
A Backup Designated Router (BDR) is a router in an OSPF network that waits to take over as the Designated Router if the current one fails, reducing network downtime.
Backup policy
A backup policy is a documented set of rules that defines what data to back up, how often, where to store it, and how long to keep it, ensuring data can be restored after loss.
Backup strategy
A backup strategy is a planned approach to copying and storing data so it can be recovered if the original is lost, corrupted, or destroyed.
Baiting
Baiting is a social engineering attack where an attacker offers something enticing, such as a free music download or a labeled USB drive, to trick a victim into installing malware or revealing sensitive information.
Bandwidth
Bandwidth is the maximum amount of data that can travel over a network connection in a given amount of time, usually measured in bits per second.
Banner grabbing
Banner grabbing is the process of connecting to a remote service to capture the banner it sends, which often reveals software type and version for reconnaissance.
Barcode scanner
A barcode scanner is an input device that uses light or lasers to read printed barcodes and converts them into digital data for computers.
Baseline
A baseline is a documented starting point for the normal performance and behavior of a system, network, or component, used to detect changes and troubleshoot issues.
Baseline configuration
A baseline configuration is a documented set of specifications for hardware, software, and settings that serves as a consistent starting point for systems in an IT environment.
Bash
Bash is a command-line interpreter that lets users interact with an operating system by typing text commands instead of clicking icons.
Bash script
A Bash script is a text file containing a sequence of commands for the Unix shell Bash, allowing users to automate repetitive tasks and streamline system administration on Linux and macOS.
Basic Input/Output System
The Basic Input/Output System (BIOS) is firmware that initializes and tests computer hardware during startup and provides runtime services for operating systems.
Basic Service Set Identifier
A Basic Service Set Identifier (BSSID) is the unique hardware address that identifies a specific wireless access point or a group of wireless devices communicating together.
Bastion host
A bastion host is a specially hardened server on a network’s perimeter that allows authorized users to securely access internal systems from outside the network.
Batch
Batch is a cloud computing service that runs large numbers of computing jobs as a group, or batch, without needing to manage individual servers.
Batch processing
Batch processing is a method of running high-volume, repetitive data jobs where a group of transactions is collected, processed together automatically, and then results are produced without real-time user interaction.
Battery calibration
Battery calibration is the process of resetting a laptop or mobile device's battery gauge so that it accurately reports the remaining charge.
Bayonet Neill-Concelman
A bayonet-style coaxial connector used in radio frequency applications, especially for cable television and older network connections.
BCP
BCP is a proactive process that creates a framework to ensure critical business functions continue during and after a disruptive event.
Bell-LaPadula
A formal security model that prevents users from reading information at a higher classification level than their own and from writing information down to a lower classification level.
Benefits Realization
Benefits Realization is the process of ensuring that the outcomes of a project or program actually deliver the expected value and improvements to the organization.
BeyondCorp
BeyondCorp is a zero-trust security model developed by Google that shifts access control from the network perimeter to individual users and devices, enabling secure work from any location without a traditional VPN.
BGP
BGP (Border Gateway Protocol) is the routing protocol that directs data packets across the internet by choosing the best paths between autonomous systems.
BGP Best Path Selection
BGP Best Path Selection is the process a router uses to choose the single best route to a destination when multiple routes are available, based on a list of configurable criteria.
BGP Communities
BGP communities are tags attached to routes that allow routers to apply common policies across networks without manual per-route configuration.
BGP Confederations
BGP Confederations divide a large autonomous system into smaller internal sub-autonomous systems to reduce the full mesh requirement of Internal BGP while still acting as a single AS to external peers.
BGP MD5 Authentication
A security feature that uses an MD5 password to verify and protect BGP routing updates between neighboring routers.
BGP Path Attributes
BGP Path Attributes are a set of properties attached to each BGP route that routers use to select the best path to a destination network.
BGP Prefix Filtering
BGP Prefix Filtering is the practice of controlling which network routes (prefixes) a router accepts or advertises to its BGP neighbors, preventing unwanted or harmful routes from spreading across the internet.
BGP Route Aggregation
BGP Route Aggregation is a technique that combines multiple specific network routes into a single summary route to reduce the size of routing tables and improve network efficiency.
BGP Route Reflector
A BGP Route Reflector is a networking device that reduces the number of BGP peer connections needed in a large network by allowing routers to share routing information without needing to connect to every other router directly.
BGP TTL Security
BGP TTL Security is a feature that protects Border Gateway Protocol sessions by verifying that incoming BGP packets have a Time-to-Live value of 255, ensuring they come from a directly connected neighbor and not from a remote attacker.
BIA
A Business Impact Analysis (BIA) is a systematic process used to identify and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency.
BIA and RPO RTO Design
Business Impact Analysis and the design of Recovery Point Objective and Recovery Time Objective define how much data loss and downtime a business can tolerate after an IT failure, guiding the architecture of backup and disaster recovery systems.
Bias
Bias in AI is a systematic error in data or algorithms that leads to unfair or inaccurate outcomes, often reflecting real-world prejudices.
Biba
Biba is a security model that uses a lattice-based system to enforce integrity, ensuring that data cannot be corrupted by unauthorized or less trustworthy subjects.
Bicep
Bicep is a domain-specific language (DSL) used to declare Azure resources in a declarative, modular way, similar to how you write code but for infrastructure.
Big data
Big data refers to extremely large and complex datasets that traditional data processing tools cannot handle efficiently, requiring specialized technologies to store, process, and analyze them.
BigQuery
BigQuery is a fully managed, serverless data warehouse on Google Cloud that lets you run fast SQL queries on massive datasets without managing any infrastructure.
BigQuery ML
BigQuery ML is a feature in Google Cloud that lets you create and run machine learning models using standard SQL queries directly on data stored in BigQuery.
BigQuery slots
BigQuery slots are units of computational capacity that determine how much processing power your queries can use in Google BigQuery.
Bigtable
Bigtable is Google's fully managed, scalable NoSQL database service designed for large analytical and operational workloads, handling petabytes of data with low latency.
Billing account
A billing account in Google Cloud is a container for all the charges generated by using cloud resources, linked to a payment method and used to track and pay for your usage.
Binary Authorization
Binary Authorization is a security control that ensures only trusted container images are deployed in a Kubernetes or cloud environment.
Bind shell
A bind shell is a type of shell connection where the target machine opens a listening port and waits for an attacker to connect, granting remote command access.
Biometric unlock
Biometric unlock is a security method that uses unique physical characteristics, like a fingerprint or face, to grant access to a device.
Biometrics
Biometrics is the technology that uses unique physical or behavioral traits, like fingerprints or voice patterns, to verify a person's identity.
BIOS
BIOS (Basic Input/Output System) is the low-level firmware stored on a motherboard chip that initializes and tests hardware components before loading the operating system.
Bit
A bit is the smallest unit of data in computing and digital communications, representing a single binary value of either 0 or 1.
BitLocker
BitLocker is a full-disk encryption feature built into Windows that protects data by encrypting the entire drive so that unauthorized users cannot access files without the correct recovery key.
BitLocker Encryption
BitLocker Encryption is a full-disk encryption tool built into Windows that protects data by encrypting the entire drive so that it cannot be read without the correct password or recovery key.
BitLocker policy
A BitLocker policy is a set of configuration rules that IT administrators use to manage how BitLocker Drive Encryption is enabled, enforced, and recovered on Windows devices within an organization.
Blameless postmortem
A blameless postmortem is a structured review process after an incident where the focus is on understanding what happened and how to improve, without assigning blame to any individual.
Blank pages
Blank pages are printed sheets that come out of a printer with no text, graphics, or markings, indicating a failure in the printing process.
Blob
A blob is a large piece of unstructured data, like a photo or video, stored in the cloud with a unique identifier.
Blob storage
Blob storage is a cloud service for storing large amounts of unstructured data, such as text or binary data, like documents, images, and videos.
Blob Storage SDK
The Blob Storage SDK is a set of libraries and tools that lets developers write code to store, access, and manage unstructured data in Microsoft Azure's blob storage service.
Blob tier
Blob tier is a category of storage in cloud platforms (like Azure Blob Storage) that defines the cost, performance, and access frequency of data, with tiers ranging from hot for frequent access to cool and archive for rarely accessed data.
Block size
Block size is the amount of data, measured in bytes, that a system reads or writes in a single operation, affecting storage efficiency and network performance.
Blocking state
A port state in Spanning Tree Protocol (STP) where the port is prevented from forwarding traffic to avoid loops in a redundant network.
BloodHound
BloodHound is a graph-based tool that maps relationships within an Active Directory environment to identify attack paths that could lead to privilege escalation.
Blue screen of death
A critical system error screen displayed by Windows when it encounters a fatal issue it cannot recover from, forcing a restart.
Blue Screen of Death Analysis
Blue Screen of Death Analysis is the process of diagnosing the cause of a critical Windows system error that forces the computer to restart and displays a blue screen with error details.
Blue team
The Blue team is the group of cybersecurity professionals responsible for defending an organization's systems, networks, and data against attacks and maintaining the security posture.
Blue-green deployment
Blue-green deployment is a release strategy that reduces downtime and risk by running two identical production environments, one live and one idle, enabling instant traffic switching between them.
Blueprint
A blueprint in IT certification is a document that outlines the topics, skills, and weighting for an exam, telling you exactly what to study.
Bluetooth
Bluetooth is a short-range wireless technology used to connect devices like keyboards, mice, headphones, and smartphones without cables.
Bluetooth Configuration
Bluetooth Configuration is the process of setting up and managing wireless connections between devices like smartphones, laptops, and peripherals using short-range radio frequency.
Bluetooth Hacking
Bluetooth hacking is the unauthorised access or manipulation of a device through its Bluetooth wireless connection.
Bluetooth module
A Bluetooth module is a small hardware component that enables wireless communication between devices over short distances using Bluetooth technology.
BNC
BNC (Bayonet Neill-Concelman Connector) is a miniature coaxial connector used for terminating coaxial cables in networking, video, and RF applications.
Board
In Azure DevOps, a Board is a visual tool that helps teams plan, track, and manage work items through different stages of a development process.
Boot loop
A boot loop is a computer startup failure where the device repeatedly turns on and off or restarts without ever fully loading the operating system.
Border Gateway Protocol
Border Gateway Protocol (BGP) is the routing protocol that directs data packets between the autonomous systems that make up the global internet.
Botnet
A botnet is a network of computers or devices infected with malware and controlled remotely by an attacker to carry out coordinated malicious activities without the owners' knowledge.
BPDU
A Bridge Protocol Data Unit is a layer 2 frame that switches use to exchange information about the Spanning Tree Protocol (STP) to prevent network loops.
BPDU Guard
BPDU Guard is a Cisco switch feature that protects the network from unauthorized devices by disabling a port if it receives a Bridge Protocol Data Unit (BPDU).
Branch
A branch is a pointer to a specific commit in a version control system that allows you to work on features or fixes in isolation from the main codebase.
Branch policy
A branch policy is a set of rules and conditions enforced on a Git branch to control how code changes are proposed, reviewed, and merged, ensuring code quality and protecting critical branches.
Brewer-Nash
Brewer-Nash is a security model that prevents conflicts of interest by restricting access to data based on the user's past access history and organizational membership.
Bridge
A network device that connects two or more Local Area Networks (LANs) or segments, forwarding traffic based on MAC addresses to reduce collision domains.
Bridge ID
The Bridge ID is an 8-byte value used in Spanning Tree Protocol to uniquely identify each bridge or switch in a network and determine the root bridge of the spanning tree topology.
Bridge priority
Bridge priority is a numerical value used in Spanning Tree Protocol to determine which switch becomes the root bridge in a network.
Bridge Protocol Data Unit
A Bridge Protocol Data Unit (BPDU) is a special message that network switches exchange to detect and prevent loops in an Ethernet network.
Bring Your Own Device
A policy allowing employees to use their personal laptops, smartphones, or tablets for work tasks instead of using company-issued equipment.
Broadband
Broadband is a high-speed internet connection that can carry multiple data signals at once, like having a wide highway for all your online traffic.
Broadcast address
A broadcast address is a special network address used to send data to every device on a local network segment simultaneously.
Broadcast domain
A broadcast domain is a network segment where any device can send a broadcast message that all other devices on that segment will receive and process.
Broadcast network
A broadcast network is a type of communication network where a single message sent from one device is received by all other devices connected to the same network segment.
Broadcast OSPF
Broadcast OSPF is a mode of OSPF operation used on multi-access broadcast networks (like Ethernet) where routers automatically discover neighbors and elect a Designated Router to reduce routing update traffic.
Broken access control
Broken access control is a security vulnerability that occurs when an application does not properly enforce restrictions on what authenticated users are allowed to do, allowing them to access unauthorized data or perform unauthorized actions.
Browser redirect
A browser redirect is when a web browser automatically sends a user from one web address to a different one, often without the user clicking anything, which can be caused by legitimate server instructions, malware, or network interference.
Brute force attack
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
BSOD
A Blue Screen of Death (BSOD) is a stop error screen displayed by Windows when a critical system error forces the operating system to shut down to prevent damage.
BSSID
A BSSID is the MAC address of an access point's radio interface, uniquely identifying a wireless cell in a WLAN.
Btrfs
Btrfs is a modern copy-on-write file system for Linux that focuses on data integrity, snapshots, and advanced storage features.
Budgets
Budgets in cloud computing are monitoring tools that allow you to set spending limits and receive alerts when your costs approach or exceed those limits.
Buffer overflow
A buffer overflow is a type of software vulnerability where a program writes more data to a memory buffer than it was designed to hold, causing adjacent memory to be overwritten.
Bug
A bug is an error, flaw, or fault in software that causes it to produce an incorrect or unexpected result, or to behave in unintended ways.
Build artifact
A build artifact is the packaged, deployable output created by a build process, such as a compiled binary, ZIP file, or container image, that is stored for later use in testing or release.
Build pipeline
A build pipeline is an automated sequence of steps that compiles source code into a deployable artifact, running tests and checks along the way.
Business continuity
Business continuity is the capability of an organization to continue delivering essential services during and after a disruptive event.
Business continuity plan
A Business continuity plan (BCP) is a documented strategy that outlines how an organization will continue critical operations during and after a disruptive event.
Business Continuity Planning
Business Continuity Planning is the process of creating a strategy to keep an organization's essential functions running during and after a major disruption.
Business email compromise
Business email compromise is a sophisticated cyberattack where a criminal impersonates a trusted person or organization via email to trick the victim into transferring money or revealing sensitive information.
Business impact analysis
A systematic process used to identify and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency.
BYOD
BYOD (Bring Your Own Device) is a policy allowing employees to use their personal devices for work tasks, increasing flexibility but introducing security and management challenges.
Cable internet
Cable internet is a type of broadband internet access that uses the same coaxial copper cables as cable television to deliver high-speed data to homes and businesses.
Cable tester
A cable tester is a device used to verify that network or electrical cables are wired correctly and can carry signals without interruption.
Cache
Cache is a small, fast storage area that keeps copies of frequently accessed data so future requests for that data can be served more quickly.
Caching
Caching is the process of storing copies of frequently accessed data in a temporary storage location, known as a cache, so that future requests for that data can be served faster and with less computational effort.
Calibration
Calibration is the process of adjusting a printer to ensure colors and alignment are accurate according to a standard.
CAM table
A CAM table is a memory table inside a network switch that maps each connected device's MAC address to the specific switch port where that device is located.
CAN
A CAN (Controller Area Network) is a robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other without a host computer.
Canary deployment
A canary deployment is a software release strategy where a new version of an application is gradually rolled out to a small subset of users before being made available to everyone.
Canonical Name
A DNS record that maps an alias domain name to the official or canonical domain name, like a nickname pointing to a real name.
Capacity and performance management
Capacity and performance management is the practice of ensuring that IT services have the right amount of resources to meet current and future demand while maintaining agreed performance levels.
CapEx
CapEx (Capital Expenditure) is the money a company spends upfront to buy, build, or improve physical assets like servers, buildings, or equipment, which are then owned and depreciated over time.
Captive portal
A captive portal is a web page that you must see and interact with before you are allowed full access to a public or guest Wi-Fi network.
CAPWAP
CAPWAP (Control and Provisioning of Wireless Access Points) is a standard protocol that allows a central controller to manage multiple wireless access points, separating the control plane from the data plane in a wireless network.
Card reader
A card reader is a hardware device that reads data stored on various types of cards, such as memory cards, smart cards, or identification cards, and transfers it to a computer or other system.
CASB
A Cloud Access Security Broker is a security policy enforcement point placed between cloud service consumers and cloud providers to monitor, control, and protect access to cloud resources.
Catch block
A catch block is a section of code in programming that handles errors by specifying what to do when a particular type of exception or error occurs in a try block.
CD
Continuous Delivery is a software engineering practice where code changes are automatically built, tested, and prepared for release to production.
CDK
The AWS Cloud Development Kit (CDK) is an infrastructure-as-code tool that lets you define cloud resources using familiar programming languages instead of writing YAML or JSON templates.
CDN
A CDN is a distributed network of servers that delivers web content to users based on their geographic location.
CDP
CDP is a Cisco proprietary protocol used by network devices to share information about themselves with directly connected neighbors, helping network administrators discover and understand the topology.
Cellular network
A cellular network is a wireless communication system that divides a geographic area into smaller zones called cells, each served by a fixed-location transceiver, to enable mobile devices like smartphones to communicate with each other and with the internet.
Cellular WAN
A wide-area network that uses cellular towers and mobile data technology to connect devices to the internet without physical cables.
Central Processing Unit
The Central Processing Unit (CPU) is the main chip in a computer that executes instructions from software, acting as the brain of the system.
Certificate authority
A trusted entity that issues digital certificates to verify the identity of websites, devices, and users in secure online communications.
Certificate pinning
Certificate pinning is a security technique that associates a specific digital certificate or public key with a particular server, so that an app or system will only trust that exact certificate, rejecting any others even if they are issued by a trusted certificate authority.
Certificate signing request
A Certificate Signing Request (CSR) is a specially formatted message sent by an applicant to a Certificate Authority (CA) to request a digital certificate that binds their public key to their identity.
Certificate warning
A certificate warning is a security alert a web browser or application displays when it cannot fully trust the digital certificate presented by a website or service.
Chain of custody
Chain of custody is a documented process that tracks the handling, transfer, and possession of evidence or digital assets from the moment they are collected until they are presented in court or used in an investigation.
Change Control Process
A formal, structured procedure used to manage any changes to a project's scope, schedule, budget, or requirements, ensuring every modification is reviewed, approved, tested, and documented before implementation.
Change enablement
Change enablement is the practice of controlling and managing all changes to IT services and infrastructure in a way that minimizes risk while delivering value.
Change management
Change management is the structured process of planning, approving, implementing, and reviewing changes to IT systems to minimize risk and disruption.
Chaos engineering
Chaos engineering is the practice of intentionally injecting failures into a system to test its resilience and find weaknesses before they cause real outages.
Check
A Check in Azure DevOps is a gating mechanism that evaluates predefined conditions before allowing a pipeline deployment to proceed to a specific environment.
chgrp
The chgrp command changes the group ownership of files and directories in Linux and Unix-like operating systems.
Chipset
A chipset is a collection of electronic components on a motherboard that manages data flow between the processor, memory, storage, and peripherals.
chmod
chmod is a command in Linux and Unix-like operating systems used to change the permissions (read, write, execute) of a file or directory.
Choice state
A Choice state in AWS Step Functions is a branching element that evaluates conditions and directs the workflow to a specific next state based on the input data.
chown
chown is a Linux/Unix command used to change the owner and group associated with a file or directory.
ChromeOS
ChromeOS is Google's lightweight operating system designed primarily for web-based applications and cloud computing, running on Chromebooks and other Chrome devices.
CI
CI (Continuous Integration) is a software development practice where developers frequently merge their code changes into a shared repository, and each merge is automatically built and tested to catch errors early.
CIA triad
The CIA triad is a foundational security model that guides organizations in protecting data through confidentiality, integrity, and availability.
CIDR
CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and routing IP packets that replaces the older class-based system, allowing more flexible and efficient use of address space.
CIDR notation
CIDR notation is a compact way to represent an IP address and its associated network prefix, showing how many bits of the address identify the network versus the host.
Cisco AP Modes
Cisco AP Modes are different operational states a wireless access point can use, determining how it handles traffic, management, and security in a network.
Cisco Discovery Protocol
A proprietary Layer 2 network protocol used by Cisco devices to discover information about directly connected neighbor devices.
Cisco DNA Center
A centralized network management and automation platform from Cisco that provides intent-based networking for easier configuration, monitoring, and troubleshooting of Cisco devices.
Cisco DNA Center Assurance
Cisco DNA Center Assurance is a network monitoring and analytics tool within Cisco's DNA Center platform that provides real-time visibility, proactive alerts, and historical insights into network health, performance, and user experience.
Cisco DNA Center Automation
Cisco DNA Center Automation is a centralized software platform that simplifies network management by automatically configuring, monitoring, and troubleshooting Cisco devices using policy-driven intent and software tools.
Cisco DNA Center Wireless
Cisco DNA Center Wireless is a centralized management platform that uses intent-based networking to automate, configure, monitor, and troubleshoot wireless networks across an enterprise.
Cisco Enterprise Architecture Model
A structured design framework that organizes a large company's network into functional layers and modules, helping IT teams plan, build, and manage scalable and secure enterprise networks.
Cisco ISE
Cisco Identity Services Engine is a security policy management platform that controls who can access a network and what they can do once connected.
Cisco SD-Access
Cisco Software-Defined Access is a network architecture that uses a central controller to automate and secure user and device access across an enterprise network.
Cisco SD-WAN
Cisco SD-WAN is a software-defined wide area network architecture that separates the control and data planes to centrally manage and optimize traffic across multiple WAN connections.
Cisco TrustSec
Cisco TrustSec is a security architecture that uses identity-based access control and encryption to protect network traffic, rather than relying only on IP addresses and VLANs.
Cisco Umbrella
Cisco Umbrella is a cloud-based security platform that protects users from malicious internet destinations by filtering DNS requests and blocking access to dangerous websites.
Cisco Virtual Topology System
Cisco Virtual Topology System is a software-defined networking solution that creates and manages virtual network overlays across physical and virtual infrastructure for enterprise networks.
Clark-Wilson
A security model that enforces data integrity by ensuring that only authorized, well-formed transactions change data, and that those changes are logged and controlled.
Classic pipeline
A Classic pipeline is a traditional, UI-driven build and release management system in Azure DevOps that uses a visual designer rather than YAML code to define continuous integration and continuous delivery workflows.
Classification
Classification is a supervised machine learning technique used to predict a category or class label for new data based on patterns learned from labeled training data.
Classless Inter-domain Routing
Classless Inter-domain Routing (CIDR) is a method for allocating IP addresses and routing IP packets more efficiently by replacing the old class-based system with variable-length subnet masks.
CLI
A CLI (command-line interface) is a text-based way to interact with a computer's operating system by typing commands instead of clicking icons.
Client-server model
A network architecture where one computer (the client) requests services or resources from another computer (the server), which provides them.
Cloud account
A cloud account is a digital identity that grants you access to cloud services like computing power, storage, and databases from a provider such as AWS, Azure, or Google Cloud.
Cloud AI APIs
Cloud AI APIs are pre-built, cloud-hosted interfaces that allow developers to integrate artificial intelligence capabilities into applications without building or training models from scratch.
Cloud Armor
Cloud Armor is a Google Cloud web application firewall (WAF) service that protects applications and websites from attacks like DDoS and SQL injection using customizable security rules.
Cloud Audit Logs
Cloud Audit Logs are a record of actions taken by users, services, and resources inside a cloud environment, capturing who did what, when, and from where.
Cloud Build
Cloud Build is a managed service that compiles source code into deployable artifacts, often used in continuous integration and continuous delivery pipelines.
Cloud CDN
A Cloud CDN is a network of servers spread around the world that stores copies of your website or app content so it loads faster for users no matter where they are.
Cloud Composer
Cloud Composer is a fully managed workflow orchestration service built on Apache Airflow that helps you create, schedule, monitor, and manage workflows across clouds and on-premises environments.
Cloud computing
Cloud computing is the on-demand delivery of IT resources over the internet, allowing users to access computing power, storage, and applications without owning physical hardware.
Cloud Deploy
Cloud Deploy is the process of releasing software applications and updates from development to production environments that run on cloud infrastructure.
Cloud Deployment Manager
A Cloud Deployment Manager is a service or tool that helps IT teams define, deploy, and manage cloud infrastructure resources as reusable, code-defined templates.
Cloud DLP
Cloud DLP (Data Loss Prevention) is a set of tools and policies that protect sensitive data stored, processed, or shared in cloud services from unauthorized access, leaks, or breaches.
Cloud DNS
A managed domain name system service that translates human-readable domain names into IP addresses, enabling reliable and scalable network routing in cloud environments.
Cloud Functions
Cloud Functions are serverless compute services that let you run single-purpose code in response to events without managing servers.
Cloud governance
Cloud governance is the framework of policies, processes, and controls that ensure an organization's cloud usage is secure, cost-effective, compliant, and aligned with business goals.
Cloud IAM
Cloud IAM (Identity and Access Management) is a framework of policies and technologies that ensures the right individuals have appropriate access to cloud resources at the right time and for the right reasons.
Cloud Interconnect
Cloud Interconnect is a service that provides a dedicated, private, high-bandwidth connection between your on-premises network and a cloud provider's network, bypassing the public internet for improved reliability, security, and performance.
Cloud KMS
Cloud KMS (Key Management Service) is a cloud-based service that lets you create, manage, and use encryption keys to protect your data at rest and in transit.
Cloud Load Balancing
Cloud Load Balancing is the process of distributing incoming network traffic across multiple servers or resources in the cloud to ensure no single resource is overwhelmed, improving availability and reliability.
Cloud logging
Cloud logging is the practice of collecting, storing, and analyzing log data generated by cloud-based resources and applications to monitor performance, troubleshoot issues, and maintain security.
Cloud management gateway
A Cloud management gateway is a network appliance or software service that securely connects devices on a local network to a cloud-based management platform, enabling remote monitoring, configuration, and updates.
Cloud migration
Cloud migration is the process of moving digital assets like data, applications, and IT resources from on-premises data centers to the cloud, or from one cloud environment to another.
Cloud Monitoring
Cloud monitoring is the process of observing, measuring, and managing an organization's cloud infrastructure and applications to ensure performance, availability, and security.
Cloud NAT
Cloud NAT is a managed network address translation service that allows private cloud resources to initiate outbound internet connections while keeping them unreachable from the internet.
Cloud Native Concepts
Cloud native concepts are a set of practices and technologies that allow applications to be built, deployed, and scaled dynamically in modern cloud environments like public, private, and hybrid clouds.
Cloud productivity
Cloud productivity refers to the use of internet-based software applications and services that enable individuals and teams to create, collaborate, manage, and share work from anywhere, on any device, without requiring local installation or maintenance of the underlying infrastructure.
Cloud Profiler
A cloud profiler is a tool that continuously monitors and analyzes the performance characteristics of applications running in the cloud, helping identify which parts of the code consume the most resources like CPU, memory, or time.
Cloud Router
A cloud router is a virtual networking device in a cloud environment that manages traffic between different virtual networks and connects them to on-premises networks using dynamic routing protocols.
Cloud Run
Cloud Run is a fully managed compute platform from Google Cloud that lets you run containerized applications in a serverless environment, automatically scaling from zero to thousands of requests.
Cloud Run for Anthos
Cloud Run for Anthos is a Google Cloud service that lets you run containerized applications in a serverless way on your own Kubernetes clusters, whether on-premises or in the cloud.
Cloud SDK
A Cloud SDK is a set of software tools and libraries that developers use to build, manage, and interact with cloud services programmatically.
Cloud security architecture
Cloud security architecture is the design and organization of security controls, policies, and technologies used to protect data, applications, and infrastructure in a cloud computing environment.
Cloud security posture management
Cloud security posture management is the continuous process of monitoring cloud environments to detect misconfigurations, compliance violations, and security risks, and automatically remediating them to maintain a strong security posture.
Cloud Shell
Cloud Shell is a browser-based command-line interface that gives you temporary access to a cloud provider’s infrastructure, complete with pre-installed tools and a file system, without needing to install anything on your own computer.
Cloud Source Repositories
Cloud Source Repositories are fully managed, private Git repositories hosted on a cloud provider that allow teams to store, manage, and collaborate on source code with built-in access control and integration with CI/CD pipelines.
Cloud Spanner
Cloud Spanner is a fully managed, globally distributed relational database service from Google Cloud that combines the benefits of relational database structure with horizontal scalability and strong consistency.
Cloud SQL
Cloud SQL is a fully managed relational database service that lets you set up, maintain, and scale SQL databases (like MySQL, PostgreSQL, and SQL Server) in the cloud without managing the underlying infrastructure.
Cloud storage
Cloud storage is a service that lets you save data on remote servers accessed over the internet instead of on your computer's hard drive.
Cloud Storage classes
Cloud Storage classes are categories of data storage services offered by cloud providers that differ in performance, availability, cost, and access frequency, allowing users to optimize costs based on how often data is accessed.
Cloud sync
Cloud sync is the process of automatically keeping data files or configurations consistent between a local device and a remote cloud storage service by synchronizing changes made on either side.
Cloud Trace
Cloud Trace is a managed service that collects latency data from applications and infrastructure to help you understand and troubleshoot performance bottlenecks across distributed systems.
Cloud Translation
Cloud Translation is a managed service that uses machine learning to dynamically translate text between languages over the internet.
Cloud VPN
A Cloud VPN is a service that securely connects your private network to a cloud provider's network over the public internet using encryption and authentication.
Cloud-native
Cloud-native is a modern approach to building and running applications that fully exploits the cloud computing model by using containers, microservices, serverless functions, and automated orchestration to achieve scalability, resilience, and rapid delivery.
Cloud-only identity
A cloud-only identity is a user account that exists solely in a cloud-based identity provider and has no counterpart in any on-premises directory service.
CloudFormation
CloudFormation is an AWS service that lets you define and provision your cloud infrastructure using code, so you can create and manage resources consistently and repeatably.
CloudFormation Stack
A CloudFormation Stack is a collection of AWS resources that are created, managed, and deleted together as a single unit using a template.
CloudFormation StackSet
A CloudFormation StackSet is a feature that lets you deploy and manage a collection of stacks across multiple AWS accounts and Regions from a single template.
CloudFront
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.
CloudTrail
AWS CloudTrail is a service that records every action taken in your AWS account, creating a detailed log of who did what and when for security and auditing purposes.
CloudWatch
CloudWatch is an AWS monitoring service that tracks metrics, logs, and alarms for your cloud resources so you can see what’s happening and respond to issues.
CloudWatch Alarms
A feature of Amazon CloudWatch that monitors metrics and automatically takes actions when a specified threshold is breached.
CloudWatch Container Insights
CloudWatch Container Insights is a managed monitoring service that collects, aggregates, and summarizes metrics and logs from containerized applications and microservices running on Amazon Web Services.
CloudWatch Events
CloudWatch Events is an AWS service that delivers a near real-time stream of system events describing changes in AWS resources and enables you to set up automated responses using rules.
CloudWatch Logs
A service from Amazon Web Services that lets you collect, monitor, and store log files from your AWS resources and applications.
CloudWatch Logs Insights
CloudWatch Logs Insights is a fully managed service within AWS that lets you interactively search, analyze, and query log data stored in Amazon CloudWatch Logs using a purpose-built query language.
CloudWatch metric
A CloudWatch metric is a time-ordered data point or set of data points that represents the performance, health, or operational state of an AWS resource, environment, or application.
CloudWatch Metrics
CloudWatch Metrics are time-ordered data points that track the performance and health of AWS resources and applications, enabling monitoring and alerting.
CloudWatch Synthetics
CloudWatch Synthetics is an AWS service that lets you create canaries—configurable scripts that run on a schedule to monitor your endpoints and APIs, simulating user behavior to detect issues before they affect real customers.
Clustering
Clustering is a technique where multiple servers work together as a single system to keep applications running even if one server fails.
ClusterIP NodePort LoadBalancer
ClusterIP, NodePort, and LoadBalancer are three types of Kubernetes Services that control how traffic reaches your application pods inside the cluster or from outside.
CMG
CMG (Cloud Management Gateway) is a Microsoft Intune component that lets you manage internet-based devices without a direct connection to your on-premises infrastructure.
CMOS
CMOS is a small memory chip on a computer motherboard that stores important system settings like date, time, and hardware configuration, even when the power is off.
CNAME record
A CNAME (Canonical Name) record is a type of DNS resource record that maps an alias domain name to the canonical (true) domain name.
CNI Plugins
CNI plugins are modular software components that configure container network interfaces according to the Container Network Interface specification, allowing containers to communicate within a Kubernetes cluster.
Co-management
Co-management is a device management strategy that lets organizations simultaneously manage Windows 10 and later devices using both Configuration Manager (on-premises) and Microsoft Intune (cloud), enabling a gradual transition to modern management.
Cobalt Strike
Cobalt Strike is a commercial penetration testing tool used by security professionals to simulate advanced cyberattacks, but it is also widely abused by real adversaries for post-exploitation and command-and-control operations.
COBIT
Control Objectives for Information and Related Technologies — an IT governance framework for managing and auditing IT processes.
Code of ethics
A set of principles and rules that guide IT professionals to act with integrity, honesty, and responsibility in their work.
Code review
A code review is a systematic examination of source code by one or more developers to find defects, improve quality, and enforce coding standards before it is merged into the main codebase.
CodeArtifact
CodeArtifact is a fully managed artifact repository service that lets you securely store, share, and package software dependencies used in your development workflow.
CodeBuild
CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy.
CodeCommit
AWS CodeCommit is a fully managed source control service that hosts private Git repositories in the cloud, allowing teams to securely collaborate on code without managing their own servers.
CodeDeploy
CodeDeploy is an AWS service that automates software deployments to various compute services, helping you release new features reliably and with minimal downtime.
CodePipeline
AWS CodePipeline is a fully managed continuous delivery service that automates the build, test, and deploy phases of your software release process.
CodeQL
CodeQL is a semantic code analysis engine used by developers to find security vulnerabilities in source code by treating code as data and querying it for potential flaws.
Cognitive skill
A cognitive skill is the ability of an AI system to interpret, analyze, and respond to data in a way that mimics human thought processes, enabling tasks like understanding language, recognizing images, and making decisions.
Cold standby
Cold standby is a disaster recovery strategy where a backup system remains powered off and inactive until a primary system fails, requiring manual intervention to bring it online.
Cold start
A cold start is the initial delay a serverless or containerized application experiences when it is invoked for the first time or after a period of inactivity, while the underlying infrastructure initializes.
Collaborate and promote visibility
An ITIL 4 guiding principle that encourages working across teams and sharing information openly to improve decision-making, reduce surprises, and increase trust in service management.
Collaboration
Collaboration in Microsoft 365 refers to the integrated tools and services that enable people to work together in real time, share information, and coordinate tasks from anywhere.
Collision domain
A segment of a network where data packets can collide with one another when two or more devices transmit at the same time.
Column
A column is a vertical set of values in a database table that stores one specific type of attribute for every row.
Column Address Strobe
Column Address Strobe (CAS) is a signal in DRAM memory that tells the memory chip which column of the row to access during a read or write operation.
Column-Level Security
Column-Level Security is a database feature that restricts access to specific columns in a table, allowing only authorized users to see sensitive data within those columns.
Command injection
Command injection is a security vulnerability where an attacker inserts malicious commands into a system through an input field, tricking the application into executing them on the underlying operating system.
Command output
Command output is the text or data displayed on a screen after you type and run a command in a terminal, command prompt, or shell.
Command Prompt
Command Prompt is a text-based interface in Windows that lets you type commands to perform tasks like managing files, troubleshooting networks, or launching programs.
Command-line Interface
A command-line interface (CLI) is a text-based tool that lets you control a computer or network device by typing commands instead of clicking icons.
Committed use discount
A pricing model where you agree to use a minimum amount of cloud resources for a set term in exchange for lower rates.
Common Access Card
A Common Access Card (CAC) is a smart card issued by the U.S. Department of Defense that serves as a single identification, authentication, and access credential for military personnel and contractors.
Common Criteria
Common Criteria is an international standard (ISO 15408) that provides a common framework for evaluating the security features and capabilities of information technology products.
Common Internet File System
The Common Internet File System (CIFS) is a network protocol that allows computers to share files, printers, and other resources over a local network or the internet.
Communication Compliance
Communication Compliance is the set of policies, tools, and practices used by organizations to monitor, capture, and review electronic communications in order to meet regulatory, legal, and internal governance requirements.
Communication Management
Communication management is the process of planning, executing, and controlling the flow of information among project stakeholders to ensure clear, timely, and effective exchanges.
Communication site
A Communication site in Microsoft 365 is a SharePoint-based intranet site designed to broadcast information, news, and updates broadly across an organization.
Community cloud
A community cloud is a multi-tenant cloud infrastructure shared by several organizations with common concerns, such as compliance, security, or industry regulations.
Company Portal
Company Portal is a Microsoft app that gives employees a secure, self-service way to enroll devices, access company apps, and manage work resources from any device.
Compartmented security mode
Compartmented security mode is a multilevel security (MLS) system where subjects are cleared for all sensitivity levels but only have access to specific compartments of information based on their need-to-know.
Compatibility mode
Compatibility mode is a software setting that allows a program or operating system designed for an older version of Windows to run on a newer version by mimicking the older environment.
Compensating control
A compensating control is a security measure implemented to reduce risk when a primary control cannot be used or is insufficient.
Complementary Metal-Oxide Semiconductor
A type of semiconductor technology used in microchips that combines two types of transistors to create circuits with very low power consumption.
Compliance
Compliance is the process of ensuring that an organization follows laws, regulations, standards, and internal policies that apply to its operations and data handling.
Compliance and Regulations
Compliance and regulations are the set of laws, rules, and standards that organizations must follow to ensure their operations are legal, ethical, and secure.
Compliance Manager
A Compliance Manager is a tool or service that helps organizations assess, monitor, and improve their adherence to regulatory standards, industry frameworks, and internal policies.
Compliance Monitoring Strategy
A compliance monitoring strategy is a planned approach to continuously check that an organization's systems, data, and processes follow legal, regulatory, and internal policy requirements.
Compliance policy
A compliance policy is a set of rules that ensures devices, users, and applications meet an organization's security and regulatory requirements before they can access corporate resources.
Compliance scan
A compliance scan is an automated security assessment that checks systems, networks, and applications against a defined set of regulatory or organizational standards to verify adherence to required policies.
Compliance state
Compliance state is the current status of a system, application, or device indicating whether it meets a defined set of security policies, regulatory requirements, or configuration standards.
Compute Engine
Compute Engine is Google Cloud's Infrastructure-as-a-Service (IaaS) offering that lets you create and run virtual machines on Google's infrastructure.
Compute Optimizer
A service that analyzes cloud computing resources and recommends changes to improve performance and reduce costs.
Computer Management
Computer Management is a built-in Microsoft Windows tool that gives IT professionals a central console to manage system components like disks, users, services, and event logs.
Computer vision
Computer vision is a field of artificial intelligence that enables computers to interpret and make decisions based on visual data from the world, such as images and videos.
Concurrency
Concurrency is the ability of a system to handle multiple tasks at the same time by dividing resources and switching between them efficiently.
Conditional access
Conditional access is a security framework that evaluates signals like user location, device health, and risk level to grant or block access to resources in real time.
Conditional Access integration
Conditional Access integration is a security framework that evaluates signals such as user identity, location, device state, and application sensitivity to grant or block access to resources before a session is established.
Conditional Access policy
A Conditional Access policy is a set of rules in Microsoft Entra ID that automatically grants or blocks access to cloud apps based on signals like user identity, location, device health, and risk level.
Conditional write
A conditional write is an operation that only completes if a specified condition is met, preventing data overwrites or collisions in distributed systems.
Conditionals
Conditionals are logical structures in programming and scripting that make decisions by checking if a condition is true or false, then executing different code based on that result.
Confidence score
A confidence score is a number (often between 0 and 1 or 0 and 100%) that tells you how likely it is that an AI model's prediction or answer is correct.
Confidentiality
Confidentiality means keeping sensitive information secret and accessible only to authorized people or systems.
Confidentiality Integrity and Availability
The CIA Triad is a foundational security model that ensures data is kept secret, unaltered, and accessible when needed.
ConfigMap Usage
ConfigMap Usage is the practice of storing and injecting configuration data, like environment variables or files, into containerized applications separately from the application code.
ConfigMaps
A ConfigMap is a Kubernetes object that lets you store configuration data separately from your application code, so you can change settings without rebuilding or redeploying your container images.
Configuration backup
A configuration backup is a saved copy of a device's settings, such as router interfaces, firewall rules, or switch VLANs, that can be restored if the device fails or is misconfigured.
Configuration baseline
A configuration baseline is a fixed reference point that documents the approved hardware, software, settings, and performance parameters of an IT system or network component at a specific point in time.
Configuration drift
Configuration drift is the gradual, unplanned change in a system's configuration settings over time, causing it to deviate from its original or desired state.
Configuration file
A configuration file is a plain text or structured file that stores settings and parameters used by software, an operating system, or a hardware device to define how it should behave or operate.
Configuration management
Configuration management is the process of systematically tracking and controlling changes to a system's hardware, software, and settings to maintain consistency and reliability.
Configuration Management Database
A Configuration Management Database (CMDB) is a centralized repository that stores information about all the hardware, software, and other components in an IT system and their relationships.
Configuration Manager
Configuration Manager is a systems management tool by Microsoft that helps IT administrators deploy software, enforce security policies, and manage devices across an organization.
Configuration profile
A configuration profile is a set of settings and policies that can be applied remotely to devices to enforce security, compliance, and customization rules.
Configuration scan
A configuration scan is an automated process that checks a system or network device against a known baseline to find settings that are insecure or out of compliance.
Conflict Resolution
Conflict resolution is the process of addressing and resolving disagreements between team members or stakeholders to maintain a productive and collaborative project environment.
Connected route
A connected route is a network path that a router knows about automatically because it has a network interface directly connected to that network.
Connection troubleshoot
Connection troubleshoot is the process of identifying and resolving issues that prevent a device from establishing or maintaining a network connection.
Connector
A Connector is a service or tool that bridges two applications or systems to allow them to exchange data and perform automated tasks without manual intervention.
Consistency level
Consistency level is a setting in Azure data services that determines how quickly and accurately data is synchronized across multiple copies in a distributed system.
Consumption-based pricing
Consumption-based pricing is a cloud billing model where you pay only for the resources you actually use, rather than paying a fixed upfront fee.
Container
A container is a lightweight, standalone software package that includes everything needed to run an application, such as code, runtime, system tools, and libraries.
Container Analysis
Container Analysis is the process of examining container images and running containers for security vulnerabilities, misconfigurations, and compliance issues before deployment.
Container escape
A container escape is a security exploit where an attacker breaks out of the isolated environment of a container to gain unauthorized access to the host operating system or other containers.
Container image scan
Container image scan is the automated process of inspecting a container image for security vulnerabilities, misconfigurations, and exposed secrets before it is deployed.
Container instance
A container instance is a running software package created from a container image that includes its own code, runtime, and dependencies, isolated from the host system.
Container Logs
Container logs are records of output generated by applications running inside a container, showing what the application did, errors it encountered, or status updates it produced.
Container Orchestration Basics
Container orchestration is the automated process of managing, deploying, scaling, and networking containers across multiple servers.
Container Orchestration Design
Container orchestration design is the process of planning and structuring how containers are deployed, scaled, managed, and connected across a cluster of computers in a reliable and automated way.
Container registry
A container registry is a centralized storage and distribution system for container images, enabling developers to push, pull, and manage versions of application snapshots across environments.
Container Runtime
A container runtime is software that runs containers by using the host operating system's kernel to isolate processes, manage filesystem layers, and handle networking.
Container Runtime Interface
The Container Runtime Interface (CRI) is a standardized plugin protocol that allows Kubernetes to work with different container runtimes without needing to change its core code.
Container Runtime Sandbox
A container runtime sandbox is a security boundary that isolates a container from the host system and other containers, preventing malicious or broken processes from escaping and causing harm.
Container scanning
Container scanning is the automated process of inspecting container images for known security vulnerabilities, misconfigurations, and compliance issues before they are deployed.
Container security
Container security is the practice of protecting containerized applications and their underlying infrastructure from threats throughout the entire lifecycle.
Container-optimised OS
A container-optimised OS is a minimal, lightweight operating system specifically designed and configured to run containerized applications efficiently, securely, and at scale.
Containment
Containment is the incident response phase where security teams isolate a compromised system or network to prevent the threat from spreading further while preserving evidence.
Containment strategy
A containment strategy is a set of actions taken during a security incident to stop the threat from spreading or causing further damage while preserving evidence for analysis.
Content delivery
Content delivery is the process of efficiently distributing digital files such as videos, web pages, and software from origin servers to end users over a network.
Content Delivery Network
A Content Delivery Network is a system of distributed servers that deliver web content to users based on their geographic location, improving speed and reliability.
Content filter
A content filter is an AI-powered safety system that screens user prompts and AI-generated responses for harmful, offensive, or restricted content, helping to ensure responsible use of Azure AI services.
Content-addressable Memory
Content-addressable Memory (CAM) is a special type of computer memory used in high-speed networking devices that searches its entire contents in a single clock cycle to find a matching value, rather than searching one address at a time.
Continual improvement
Continual improvement is an ongoing effort to enhance services, processes, and products by making incremental or breakthrough improvements over time.
Continuity management
Continuity management is the practice of ensuring that an organization can continue to deliver its critical services during and after a disruptive event by planning, preparing, and testing recovery processes.
Continuous delivery
Continuous delivery is a software engineering practice where code changes are automatically built, tested, and prepared for a release to production, with every change being deployable at the push of a button.
Continuous deployment
Continuous deployment is a software release practice where every code change that passes automated tests is automatically deployed to production without human approval.
Continuous integration
Continuous integration is a DevOps practice where developers frequently merge their code changes into a shared repository, with each merge triggering an automated build and test process to catch integration errors early.
Contributor role
The Contributor role is a built-in Azure role that grants full access to manage resources within a scope but does not allow granting access to other users.
Control Panel
Control Panel is a central graphical interface in Windows operating systems used to configure system settings, manage hardware, and control user preferences.
Control plane
The control plane is the part of a network that makes decisions about how data should be forwarded, defining routes and policies without actually moving the data itself.
Control Plane Policing
Control Plane Policing is a Cisco security feature that protects a router or switch by rate-limiting the traffic that the device's processor must handle, preventing it from being overwhelmed.
Control Plane Protection
Control Plane Protection (CoPP) is a security feature on Cisco routers and switches that filters traffic destined to the device's control plane to prevent attacks and ensure stability.
Controller
A controller is a hardware chip or software program that manages data flow and communication between a computer's operating system and its connected devices or networks.
Controller-based networking
Controller-based networking is a network architecture where a central software controller manages and directs traffic flows across multiple network devices, replacing the need to configure each switch or router individually.
Conversational language understanding
Conversational language understanding is an Azure AI service that helps applications interpret natural human language in conversations or text inputs.
Convertible laptop
A convertible laptop is a mobile device that can switch between a traditional laptop form and a tablet form, typically by rotating or detaching its keyboard.
Cool tier
Cool tier is a low-cost, online-only storage access tier in Microsoft Azure Blob Storage designed for data that is infrequently accessed and stored for at least 30 days.
Cooling fan
A cooling fan is a hardware component that moves air across heat-generating parts to prevent overheating and maintain safe operating temperatures.
Copilot
Copilot is a set of AI-powered assistants from Microsoft that help users work more efficiently by generating text, answering questions, summarizing content, and automating tasks across applications like Windows, web browsers, and Microsoft 365.
Copilot for Microsoft 365
Copilot for Microsoft 365 is an AI assistant integrated into Microsoft 365 apps that helps users create documents, analyze data, summarize communications, and automate tasks using natural language prompts.
Copper cable
Copper cable is a type of network cabling that uses copper wires to transmit data using electrical signals.
CoreDNS
CoreDNS is a fast, flexible, and pluggable Domain Name System (DNS) server that is often used as the cluster DNS for Kubernetes, translating service names into IP addresses so containers can find each other.
Corrective control
A security measure that acts after an incident to limit damage, restore operations, and prevent recurrence.
Correlation rule
A correlation rule is a set of conditions in a security information and event management (SIEM) system that combines multiple log events from different sources to detect complex threats or patterns that a single event would miss.
Corrupted profile
A corrupted profile is a user account on a computer that has become damaged or dysfunctional, preventing the user from logging in or accessing their personal settings and files.
CORS
CORS is a browser security mechanism that controls how web pages from one domain can request resources from a different domain.
CoS
CoS (Class of Service) is a method of marking Ethernet frames with a priority level to manage traffic and ensure higher-priority data gets through first.
Cosmos DB API
Cosmos DB API is a collection of interfaces that lets applications interact with Azure Cosmos DB, a globally distributed NoSQL database, using different data models and query languages.
Cosmos DB Design
Cosmos DB Design is the process of structuring data and choosing configuration settings in Azure Cosmos DB to ensure fast performance, low cost, and scalability for applications.
Cosmos DB Partitioning
Cosmos DB Partitioning is the process of distributing data across multiple physical servers to ensure fast performance, unlimited storage, and high availability.
Cosmos DB SDK
The Cosmos DB SDK is a set of libraries and tools that let developers write code to connect to, query, and manage a Cosmos DB database from their applications.
Cost
Cost is the amount of money spent on IT services, including all resources, activities, and overheads needed to deliver and support them.
Cost allocation tag
A cost allocation tag is a key-value pair attached to cloud resources to track and organize costs by department, project, or environment.
Cost Explorer
Cost Explorer is an AWS tool that lets you visualize, understand, and manage your AWS spending and usage over time.
Cost Management
Cost Management is the practice of planning, controlling, and optimizing spending on cloud resources to stay within budget and maximize value.
Cost optimization pillar
The Cost Optimization pillar is a set of design principles and best practices in cloud computing aimed at minimizing expenditure while maximizing the value delivered from cloud resources.
Countermeasure
A countermeasure is any action, device, procedure, or technique that reduces a threat, vulnerability, or risk to an acceptable level.
Covering Tracks
Covering tracks is the process attackers use to hide their activity and remove evidence of a security breach after gaining unauthorized access to a system.
Covert channel
A covert channel is a hidden communication path that allows data to be transferred in ways that violate a system's security policy, often by using resources not intended for communication.
CPU
The Central Processing Unit (CPU) is the main electronic brain of a computer that carries out instructions from software by performing basic arithmetic, logic, control, and input/output operations.
CPU Socket Types
A CPU socket type is the physical interface on a motherboard that determines which specific processor models can be installed.
CRC
CRC (Cyclic Redundancy Check) is an error-detecting code used to detect accidental changes to raw data in digital networks.
Credential
A digital or physical proof of identity or authorization that grants access to a system, network, or resource.
Credential Guard
Credential Guard is a security feature in Windows that uses virtualization to protect sensitive credentials like passwords and hashes from being stolen by malware.
Credential stuffing
Credential stuffing is a cyberattack where attackers use lists of stolen usernames and passwords to gain unauthorized access to user accounts on different websites.
Credentialed scan
A credentialed scan is a vulnerability assessment that uses valid user credentials to log into a target system, allowing deeper inspection of the system's internal configuration and software.
Crimper
A crimper is a handheld tool used to attach a connector, like an RJ45 plug, to the end of a network cable by compressing metal pins into the cable's wires to create a secure and conductive connection.
Critical Path Method
The Critical Path Method is a project scheduling technique that identifies the longest sequence of dependent tasks and calculates the minimum project duration.
CRL
A Certificate Revocation List (CRL) is a published list of digital certificates that have been revoked by a Certificate Authority before their scheduled expiration date.
cron
Cron is a time-based job scheduler in Unix-like operating systems that automatically runs commands or scripts at specified dates and times.
crontab
Crontab is a time-based job scheduler in Unix-like operating systems that allows users to automate the execution of scripts or commands at specified intervals.
Cross Site Scripting XSS
Cross Site Scripting (XSS) is a web security vulnerability where an attacker injects malicious scripts into web pages viewed by other users, enabling theft of data or session hijacking.
Cross-Region Replication
Cross-Region Replication is the automated copying of data from a storage bucket in one geographic region to a bucket in a different geographic region for disaster recovery, compliance, or lower latency access.
Cross-site request forgery
Cross-site request forgery (CSRF) is a web security vulnerability that tricks a user into unknowingly performing actions on a website where they are already authenticated.
Cross-site scripting
Cross-site scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, often to steal data or hijack sessions.
Crossover cable
A crossover cable is an Ethernet cable with reversed transmit and receive wire pairs, used to directly connect two similar devices without a switch or hub.
CSMA/CD
Carrier Sense Multiple Access with Collision Detection is a network protocol used in Ethernet to manage data transmission and handle collisions when two devices send data at the same time.
CSPM
Cloud Security Posture Management (CSPM) is a security tool that continuously monitors cloud environments to detect and fix misconfigurations, compliance violations, and security risks.
CSR
A Certificate Signing Request is a block of encoded data sent to a Certificate Authority to apply for a digital certificate.
CSRF
Cross-Site Request Forgery is an attack that tricks a user into performing an unwanted action on a web application where they are currently authenticated.
curl
curl is a command-line tool that lets you transfer data to or from a server using various network protocols, commonly used to test APIs and download files.
Current Channel
Current Channel is the default update servicing branch for Microsoft 365 apps that delivers new features as soon as they are released by Microsoft.
Custom domain
A custom domain is a personalized internet address (like contoso.com) that you can use with cloud services instead of the default domain provided by the service provider.
Custom machine type
A virtual machine configuration where users manually select CPU, memory, and other resources rather than using a predefined template.
Custom role
A custom role is a user-defined set of permissions in Google Cloud that you can tailor to fit specific job functions beyond the predefined roles.
Custom script extension
A virtual machine extension for Azure that downloads and runs scripts on a VM after it is deployed, used for configuration, software installation, and post-deployment tasks.
Customer
In IT service management, a customer is the person or organization that defines requirements and agrees to pay for services, but does not necessarily use them directly.
Customer Lockbox
Customer Lockbox is a Microsoft 365 service that gives customers explicit control over granting Microsoft support engineers temporary access to their tenant data for troubleshooting and issue resolution.
cut
In scripting and automation, cut is a command-line utility used to extract specific fields or columns from each line of a file or text stream based on a delimiter or character position.
CVE
CVE stands for Common Vulnerabilities and Exposures, which is a publicly available list of standardized identifiers for known security vulnerabilities in software and hardware.
CVSS
The Common Vulnerability Scoring System (CVSS) is a standardized framework used to rate the severity of security vulnerabilities on a scale from 0 to 10.
CVSS Scoring
CVSS Scoring is a standardized framework for rating the severity of security vulnerabilities, helping organizations prioritize fixes based on a numeric score from 0 to 10.
CWE
CWE (Common Weakness Enumeration) is a structured catalog of software and hardware security weaknesses that helps IT professionals identify, prevent, and mitigate vulnerabilities in systems.
Cyclic Redundancy Check
A Cyclic Redundancy Check (CRC) is an error-detecting code used to verify that data transmitted over a network or stored on a device has not been corrupted.
DAC
Discretionary Access Control is a security model where the owner of a resource decides who can access it and what permissions they have.
DaemonSets
A DaemonSet is a Kubernetes object that ensures a copy of a specific pod runs on every node in a cluster, or on a subset of nodes.
Daily Standup
A short, time-boxed daily meeting where team members share progress, plans, and blockers to stay aligned.
DAS
DAS is a storage device directly connected to a computer without a network, offering fast local access.
Dashboard
A dashboard is a visual display of key metrics and data points that helps IT professionals monitor, analyze, and manage systems or processes in real time.
DAST
DAST (Dynamic Application Security Testing) is a security testing method that finds vulnerabilities in running web applications by simulating real attacks from the outside.
Data
Data is raw, unprocessed information, like numbers, words, or measurements, that can be stored, processed, and analyzed by computers.
Data Carving
Data carving is the process of recovering files and data fragments from a storage device without relying on the file system metadata.
Data catalog
A data catalog is a centralized inventory of data assets that helps people find, understand, and trust the data they need for analytics or business decisions.
Data Center Interconnect
A Data Center Interconnect is a network connection that links two or more separate data centers together so they can share data, resources, and services as if they were a single facility.
Data classification
Data classification is the process of organizing data into categories based on its sensitivity, value, and criticality to an organization, so that appropriate security controls can be applied.
Data controller
An entity that determines the purposes and means of processing personal data.
Data custodian
A data custodian is the person or team responsible for the safe handling, storage, and transport of data on behalf of the data owner.
Data governance
Data governance is the overall process of managing the availability, usability, integrity, and security of data used in an organization, based on internal standards and policies.
Data ingestion
Data ingestion is the process of moving data from various sources into a storage system where it can be accessed, analyzed, and used.
Data integrity
Data integrity is the assurance that data remains accurate, consistent, and unaltered during storage, processing, and retrieval.
Data lake
A data lake is a centralized storage repository that holds vast amounts of raw data in its native format until it is needed for analysis.
Data Lake Design
Data Lake Design is the process of planning a centralized storage repository that holds raw data in its native format until it is needed, enabling scalable analytics and machine learning across an organization.
Data Lake Storage Gen2
Data Lake Storage Gen2 is a cloud-based storage service that combines a scalable data lake with enterprise-grade file system capabilities for big data analytics.
Data lakehouse
A data lakehouse is a modern data architecture that combines the flexibility of a data lake with the reliability and performance of a data warehouse on a single platform.
Data lifecycle management
Data lifecycle management is the process of managing data from its creation to its deletion, ensuring it is stored, used, and disposed of in a way that meets security, compliance, and business needs.
Data Lifecycle Manager
A Data Lifecycle Manager is a system or set of policies that automates the movement, protection, retention, and deletion of data from creation to disposal, ensuring compliance and efficient storage usage.
Data lineage
Data lineage is the process of tracking the origin, movement, and transformation of data as it flows through various systems and steps in a data pipeline.
Data Loss Prevention
Data Loss Prevention (DLP) is a set of tools and processes that help organizations stop sensitive information from being shared, leaked, or stolen, whether accidentally or on purpose.
Data masking
Data masking is a security technique that replaces sensitive data with realistic but fictional data so it can be used safely in non-production environments.
Data model
A data model is a blueprint that defines how data is organized, stored, and accessed in a database or data system.
Data owner
A senior-level person who is accountable for the classification, protection, and appropriate use of a specific set of data within an organization.
Data plane
The part of a network device that actually forwards data packets from one interface to another based on decisions made by the control plane.
Data privacy
Data privacy is the practice of controlling who can access, use, and share personal information, ensuring that data is handled in ways that respect individual rights and legal requirements.
Data processor
A data processor is a person or organization that processes personal data on behalf of a data controller, following the controller's instructions and under their authority.
Data protection
Data protection refers to the practices and technologies used to safeguard personal and sensitive information from unauthorized access, loss, or corruption.
Data remanence
Data remanence is the residual representation of data that remains on a storage medium even after attempts to erase or remove it.
Data Replication Strategy
A data replication strategy is a plan for copying and synchronizing data across multiple locations to ensure availability, durability, and performance.
Data residency
Data residency is the physical or geographical location where an organization's data is stored and processed, often subject to local laws.
Data retention
Data retention is the practice of keeping data for a specific period to meet legal, business, or compliance needs, and then securely disposing of it.
Data sanitization
Data sanitization is the process of deliberately, permanently, and irreversibly removing or destroying data stored on a device or media so that it cannot be recovered or reconstructed by any known method.
Data security
Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its lifecycle.
Data transformation
Data transformation is the process of converting data from one format, structure, or value into another to make it usable for analysis, storage, or reporting.
Data Transformation Pipelines
Data transformation pipelines are automated sequences of steps that take raw data from a source, clean and reshape it into a usable format, and then load it into a destination for analysis or storage.
Data visualization
Data visualization is the practice of translating data and information into visual context, such as charts and graphs, to make complex data easier to understand and use for decision-making.
Data VLAN
A Data VLAN is a virtual local area network configured on a switch to carry user-generated traffic, separating it from management, voice, or other types of network traffic.
Data warehouse
A data warehouse is a central repository that stores large amounts of structured data from multiple sources, optimized for querying and analysis rather than day-to-day transactions.
Dataflow
Dataflow is a Google Cloud managed service that processes and transforms data in real-time or batch mode using Apache Beam pipelines.
Dataproc
Dataproc is a managed cloud service for running Apache Spark and Apache Hadoop clusters, allowing you to process large datasets quickly and economically.
Dataset
A dataset is a collection of related data, usually in a structured format, that can be used for analysis, training models, or reporting in Azure data services.
Datastream
A datastream is a continuous, ordered flow of data that is generated and transmitted from a source to a destination for real-time processing or analysis.
DAX
DAX (DynamoDB Accelerator) is a fully managed, highly available, in-memory cache for Amazon DynamoDB that provides microsecond read latency.
DC jack
A DC jack is the small, round power port on a laptop or other mobile device where you plug in the power adapter to charge the battery or run the device.
DCI
DCI connects two or more data centers over a network, enabling resource sharing, disaster recovery, and workload mobility.
DDoS
A DDoS (Distributed Denial-of-Service) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic from multiple compromised systems.
Dead timer
The Dead timer is the period an OSPF router waits to hear from a neighbor before declaring that neighbor as unreachable and removing it from the routing table.
Dead-letter queue
A dead-letter queue is a secondary queue that stores messages that a primary queue or processing system cannot successfully process, allowing for later analysis and reprocessing.
Deauthentication attack
A deauthentication attack is a wireless network exploit where an attacker sends fake disconnection frames to force devices off a Wi-Fi network, often used to capture handshake data or disrupt connectivity.
Decapsulation
Decapsulation is the process in networking where a device removes headers and trailers from a data packet as it travels up the OSI model layers.
Decoupling
Decoupling is the practice of designing system components so that they are independent, reducing dependencies so a change or failure in one part does not break others.
Decryption
Decryption is the process of converting encrypted or scrambled data back into its original, readable form using a specific key or method.
Dedicated Host
A Dedicated Host is a physical server in the cloud that is reserved exclusively for your use, giving you control over which instances run on that host and visibility into the underlying hardware.
Dedicated Interconnect
A Dedicated Interconnect is a direct, private physical connection between your on-premises network and a cloud provider's network, bypassing the public internet for faster, more reliable, and more secure data transfer.
Dedicated security mode
A configuration in IT systems where security services or appliances operate in an isolated, single-purpose environment to prevent interference with other functions and reduce attack surface.
Dedicated SQL pool
A Dedicated SQL pool is a cloud-based analytics service in Azure Synapse Analytics that provides a managed, scalable environment for running large-scale data warehousing queries using Transact-SQL.
Deep learning
Deep learning is a subset of machine learning that uses multi-layered neural networks to automatically learn patterns from large amounts of data.
Default app
A default app is the program that your operating system automatically uses to open a specific type of file or perform a certain task, such as opening a web link or viewing a photo.
Default gateway
A default gateway is a network device, typically a router, that acts as the exit point for traffic from a local network to other networks, including the internet.
Default route
A default route is a catch-all routing entry that tells a network device where to send packets when no specific route matches the destination address.
Default setting
A default setting is the pre-configured value or state that a system, device, or software uses until a user or administrator changes it to something different.
Default VLAN
The Default VLAN is VLAN 1 on most Cisco switches and it is the VLAN to which all switch ports belong by default until they are assigned to a different VLAN.
Defender for Cloud
Microsoft Defender for Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides unified security management and threat protection across hybrid and multi-cloud environments.
Defender for Cloud Apps
Defender for Cloud Apps is a Microsoft cloud access security broker (CASB) that helps you discover, protect, and govern your cloud applications and data across multiple cloud environments.
Defender for Endpoint
Microsoft Defender for Endpoint is a cloud-delivered enterprise security solution designed to protect devices from cyber threats using behavioral analysis, machine learning, and automated investigation.
Defender for Identity
Defender for Identity is a cloud-based security solution that detects, investigates, and responds to advanced identity threats targeting on-premises Active Directory and cloud identities.
Defender for Office 365
Microsoft Defender for Office 365 is a cloud-based email security service that protects organizations against advanced threats like phishing, malware, and business email compromise by scanning emails, attachments, and links in real time.
Defender policy
A Defender policy is a set of security rules configured in Microsoft 365 Defender that controls how endpoint detection and response (EDR), antivirus, firewall, and other protection features behave on managed devices.
Defense in depth
Defense in depth is a cybersecurity strategy that uses multiple layers of security controls to protect information and systems, so if one layer fails, another layer is already in place to stop the attack.
Delete device
Delete device is the process of removing a device from an organization's management system, typically in Microsoft Intune or Azure AD, which revokes its access to corporate resources and management policies.
Deleted File Recovery
Deleted file recovery is the process of restoring files that have been removed from a storage device, often using specialized tools to retrieve data that has not yet been overwritten.
Deliver and support
Deliver and support is an ITIL 4 service value chain activity that focuses on the ongoing provision, operation, and improvement of IT services to meet agreed service levels and user needs.
Delivery Optimization
Delivery Optimization is a Windows feature that uses peer-to-peer sharing and other sources to download updates and apps more efficiently, reducing network strain.
Demand
In ITIL 4, demand refers to the need or request for IT services from users and customers that drives the provisioning and management of those services.
Demarcation point
The Demarcation point is the physical or logical boundary where the responsibility for a network or telecommunications line shifts from the service provider to the customer.
Denial-of-service
A Denial-of-service (DoS) attack is an attempt to make a computer, network, or online service unavailable to its intended users by overwhelming it with fake traffic or requests.
Denormalization
Denormalization is a database design strategy that adds redundant data to one or more tables to reduce the number of joins needed in queries, improving read performance at the cost of extra storage and more complex writes.
Dependency
A dependency is a piece of software, library, or package that another software application requires in order to function correctly.
Dependency scanning
Dependency scanning is the automated process of checking software components for known security vulnerabilities and outdated versions.
Deployment group
A deployment group is a logical set of target machines or servers in Azure Pipelines that receive application releases during automated deployment, allowing you to manage rolling updates and release approvals across multiple environments.
Deployment management
Deployment management is the process of planning, scheduling, and controlling the movement of releases into the live environment, ensuring that changes are implemented safely and efficiently.
Deployment Manager
Deployment Manager is a Google Cloud service that lets you define and manage your cloud resources using declarative templates, so you can create, update, and delete infrastructure as a single unit.
Deployment profile
A deployment profile is a set of configuration settings and policies that IT administrators apply to enroll and configure devices in an organization, automating the setup process.
Deployment slot
A deployment slot is a live staging environment in Azure App Service that allows you to swap app versions with zero downtime for testing before going to production.
Deployment stage
The deployment stage is the phase in software development where code is released and made available to users in a target environment, such as development, testing, staging, or production.
Deployments
A Kubernetes resource that manages a set of identical Pods, ensuring they run the correct number of replicas and can be updated or rolled back without downtime.
Deprovisioning
Deprovisioning is the process of removing a user's access to systems and data when they no longer need it, typically when they leave an organization or change roles.
Design and transition
Design and transition is an ITIL practice that focuses on designing and moving new or changed services into live operation while managing risks and ensuring value.
Designated port
In a Spanning Tree Protocol network, a Designated port is the port on a network segment that has the best path to the root bridge and is responsible for forwarding traffic toward the root bridge.
Designated Router
A router elected in an OSPF multi-access network to manage link-state updates and reduce routing protocol traffic.
Desired State Configuration
Desired State Configuration is a management platform that lets IT pros define and enforce the target configuration state of systems, using declarative scripts to automate deployment, compliance, and ongoing drift correction.
Detection
Detection is the process of identifying potential security incidents or anomalies by analyzing system data, logs, and network traffic.
Detection engineering
Detection engineering is the practice of designing, building, and refining security monitoring rules and signals to identify malicious activity in an IT environment.
Detective control
A detective control is a security measure that identifies and reports unwanted or suspicious activity after it has already occurred.
Deterrent control
A deterrent control is a security measure designed to discourage potential attackers from attempting to breach a system or commit a violation, relying on the perceived threat of consequences.
Device category
A classification that groups devices in Microsoft Intune by their platform and management method, such as Windows, iOS, or Android, to apply targeted policies and configurations.
Device compliance
Device compliance is the process of ensuring that a device meets an organization's security and configuration policies before it can access network resources.
Device configuration
Device configuration is the process of setting up and customizing the operating system, security policies, applications, and network settings on a device so it can securely connect to and function within an organization's IT environment.
Device enrollment
Device enrollment is the process of registering a device with a management system so that it can receive policies, apps, and security settings under organizational control.
Device group
A device group is a logical collection of devices managed together for applying policies, configurations, and updates in an enterprise IT environment.
Device Guard
Device Guard is a Windows security feature that uses hardware and software virtualization to lock down a device so only trusted, approved applications can run.
Device Health Monitoring
Device Health Monitoring is the automated process of tracking the operational status, performance metrics, and error conditions of network devices like routers and switches to ensure they are running reliably.
Device Manager
Device Manager is a built-in Windows tool that shows you all the hardware connected to your computer and lets you manage the drivers that make that hardware work.
Device registration
Device registration is the process of linking a device to a management system, such as Microsoft Entra ID, to enable controlled access to organizational resources.
Device risk
Device risk is the chance that a computer, phone, or other endpoint could cause a security problem or data leak because it is not properly managed or protected.
Device Virtualization
Device virtualization is a technology that allows one physical network device to act as multiple virtual devices, each with its own configuration and resources, enabling better utilization and flexibility.
DevOps
DevOps is a set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and deliver high-quality software continuously.
DevSecOps
DevSecOps is a software development practice that integrates security into every phase of the DevOps lifecycle, making security a shared responsibility from the start.
df
The df command in Linux and Unix systems reports the amount of disk space used and available on mounted file systems.
DHCP
Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses and network settings to devices on a network, so they can communicate without manual configuration.
DHCP Client and Server
A DHCP client is any device that requests network configuration settings from a DHCP server, which automatically assigns IP addresses and other parameters to devices on a network.
DHCP pool
A DHCP pool is a reserved set of IP addresses that a DHCP server can assign to devices on a network automatically when they request a connection.
DHCP relay
A network device or feature that forwards DHCP broadcast messages between clients and servers on different subnets so that IP address assignment works across multiple network segments without a separate DHCP server on each one.
DHCP Relay Configuration
A DHCP relay configuration allows a router to forward DHCP broadcast requests from clients on one subnet to a DHCP server on a different subnet, enabling centralized IP address management across multiple networks.
DHCP server
A DHCP server is a network device or service that automatically assigns IP addresses and other network configuration parameters to devices on a network, eliminating the need for manual configuration.
DHCP snooping
DHCP snooping is a network security feature that filters untrusted DHCP messages to prevent rogue DHCP servers from giving out false IP addresses.
DHCPv6
DHCPv6 is a network protocol that automatically assigns IPv6 addresses and other configuration settings to devices on a network.
Diagnostic setting
A Diagnostic setting is a configuration in Azure that controls where and how resource logs and metrics are collected, stored, and streamed for monitoring and analysis.
Diamond model
The Diamond model is a framework for analyzing cybersecurity intrusions by examining four key components: adversary, capability, infrastructure, and victim.
Dictionary attack
A dictionary attack is a cyberattack method where an attacker tries to break into a system by rapidly testing thousands of common passwords or passphrases from a precompiled list.
Differential backup
A differential backup copies all data that has changed since the last full backup, growing in size with each new backup until the next full backup is performed.
Diffie-Hellman
Diffie-Hellman is a cryptographic protocol that allows two parties to securely exchange a shared secret key over an untrusted network like the internet.
Digital certificate
A digital certificate is an electronic document that verifies the identity of a person, device, or website and enables secure encrypted communication over the internet.
Digital identity
A digital identity is the online representation of a person, device, or entity used to authenticate and authorize access to digital resources.
Digital Rights Management
Digital Rights Management (DRM) is a set of technologies used to control how digital content like music, movies, ebooks, or software is accessed, copied, or shared.
Digital signature
A cryptographic technique used to verify the authenticity and integrity of a digital message or document, ensuring it came from the claimed sender and was not altered.
Digital Subscriber Line
Digital Subscriber Line (DSL) is a technology that uses ordinary copper telephone wires to provide high-speed internet access to homes and businesses.
Digital transformation
Digital transformation is the process of using digital technology to fundamentally change how a business operates and delivers value to customers.
Digital Visual Interface
Digital Visual Interface is a video display interface used to connect a video source, like a computer, to a monitor or projector, transmitting uncompressed digital video signals for clear, high-quality images.
Digitizer
A digitizer is the part of a touchscreen that converts your finger or stylus touches into digital signals the device can understand.
Dijkstra algorithm
The Dijkstra algorithm is a mathematical method used by OSPF to calculate the shortest path between a router and every other router in a network.
Direct Attach Copper
Direct Attach Copper is a type of high-speed copper cable used to connect networking equipment over short distances without needing separate transceivers.
Direct Connect
AWS Direct Connect is a cloud service that lets you create a dedicated private network link from your on-premises data center to AWS, bypassing the public internet for more consistent and secure connectivity.
Direct-attached Storage
Direct-attached Storage (DAS) is a storage device connected directly to a computer or server without going through a network.
Disaster recovery
Disaster recovery is a set of policies, procedures, and tools that help an organization restore critical IT systems and data after a disruptive event.
Disaster Recovery Design
Disaster Recovery Design is the process of planning and implementing strategies to restore IT systems and data after a catastrophic failure, ensuring business continuity with minimal downtime and data loss.
Disaster recovery plan
A Disaster Recovery Plan (DRP) is a documented, structured approach that outlines how an organization can quickly resume critical IT systems and operations after a disruptive event.
Disk encryption
Disk encryption is the process of converting data on a storage device into a coded form that can only be read with the correct decryption key, protecting it from unauthorized access.
Disk image
A disk image is a sector-by-sector copy of an entire storage device, such as a hard drive or SSD, used in incident response to preserve forensic evidence exactly as it existed at a point in time.
Disk Imaging
Disk imaging is the process of creating an exact, bit-for-bit copy of a storage drive, preserving all data, deleted files, and unallocated space for forensic analysis or system recovery.
Disk Management
Disk Management is a system utility that lets you manage hard drives and other storage devices, including partitioning, formatting, and assigning drive letters.
Disk storage
Disk storage is the hardware or cloud-based service that persistently saves digital data on spinning magnetic platters or solid-state memory for a computer or server to use.
Distributed Denial-of-service
A cyberattack where many compromised computers flood a target system with traffic, making it unavailable to legitimate users.
Distributed tracing
Distributed tracing is a method used to track and observe requests as they flow through multiple services in a distributed system, helping identify performance bottlenecks and failures.
Distribution group
A mail-enabled Active Directory security group used to send email notifications to multiple recipients simultaneously without granting access to resources.
DLL error
A DLL error is a message that appears when a Windows program cannot find or properly use a Dynamic Link Library file it needs to run.
DLP
Data Loss Prevention — security technology that detects and prevents unauthorised transmission of sensitive data outside an organisation.
DLP policy
A DLP policy is a set of rules that an organization uses to prevent sensitive data from being lost, stolen, or accidentally exposed, whether it is in use, in motion, or at rest.
dmesg
dmesg is a Linux command that displays messages from the kernel ring buffer, used to diagnose hardware and boot issues.
DMVPN Phase 1
DMVPN Phase 1 is a Cisco networking technology that lets branch offices securely connect to a central hub using a single tunnel, even when they have changing public IP addresses.
DMVPN Phase 2
DMVPN Phase 2 is an advanced Cisco routing technology that allows spoke routers to communicate directly with one another without sending traffic through a central hub, using dynamic routing protocols and multipoint GRE tunnels.
DMVPN Phase 3
DMVPN Phase 3 is a Cisco networking technology that allows branch offices to connect directly to each other without always going through a central hub, but with smarter routing that lets the hub control the traffic paths more efficiently.
DMZ
A DMZ (demilitarized zone) is a network segment that sits between an internal private network and the public internet, hosting publicly accessible services while keeping the internal network isolated.
dnf
DNF (Dandified YUM) is the default package manager for Fedora and other RPM-based Linux distributions, used to install, update, and remove software packages while resolving dependencies automatically.
DNS
DNS is the system that translates human-friendly domain names like example.com into machine-readable IP addresses so computers can find each other on a network.
DNS enumeration
DNS enumeration is the process of systematically querying a Domain Name System (DNS) server to gather information about a target domain, including its subdomains, IP addresses, and mail server records.
DNS log
A DNS log is a record of all Domain Name System queries and responses that pass through a server, providing a trail of which domains were requested, by whom, and when.
DNS over HTTPS
DNS over HTTPS is a protocol that sends Domain Name System queries and responses over the encrypted HTTPS protocol to protect user privacy and prevent tampering.
DNS over TLS
DNS over TLS encrypts DNS queries using the Transport Layer Security protocol to prevent eavesdropping and tampering.
DNS poisoning
DNS poisoning is a cyberattack that corrupts a DNS resolver's cache with false information, redirecting users to malicious websites without their knowledge.
DNS record
A DNS record is a set of instructions stored on a DNS server that tells clients how to interact with a domain, most commonly by mapping a human-readable domain name to an IP address.
DNS zone
A DNS zone is a distinct part of the global Domain Name System (DNS) namespace that is delegated to a specific administrator or organization for management, containing resource records for a domain.
DNSSEC
DNSSEC adds cryptographic signatures to DNS records to ensure data authenticity and integrity, preventing cache poisoning and spoofing attacks.
Docking station
A docking station is a hardware device that lets you connect a laptop to multiple peripherals like monitors, keyboards, and mice through a single connection point.
Document AI
Document AI is a Google Cloud service that uses machine learning to extract, analyze, and organize information from documents like PDFs and images.
Document intelligence
Document intelligence is a cloud-based service that uses artificial intelligence to extract, analyze, and understand information from documents like forms, invoices, and receipts automatically.
DocumentDB
Amazon DocumentDB is a fully managed, MongoDB-compatible document database service that stores, queries, and indexes JSON-like data for scalable applications.
DoH
DoH encrypts DNS queries within HTTPS traffic to prevent eavesdropping and manipulation of domain name resolution.
Domain Name System
The Domain Name System (DNS) is the internet's phonebook that translates human-friendly domain names like google.com into computer-friendly IP addresses like 172.217.0.46.
Domain Name System Security Extensions
A set of protocols that add digital signatures to DNS data to verify its authenticity and integrity.
Domain verification
Domain verification is the process of proving that you own or control a specific domain name so that you can use it with a service like Microsoft 365.
Domain-based Message Authentication Reporting and Conformance
DMARC is an email authentication protocol that helps prevent spoofing and phishing by verifying that incoming email really comes from the domain it claims to be from and tells receiving servers what to do if verification fails.
DomainKeys Identified Mail
DomainKeys Identified Mail is an email authentication method that allows a domain to cryptographically sign its outgoing messages so receiving servers can verify the sender's domain is legitimate and the message was not tampered with.
DoS
A cyberattack that floods a target with traffic or requests to exhaust its resources, making it unavailable to legitimate users.
DoT
DNS over TLS (DoT) encrypts DNS queries using TLS, ensuring privacy and integrity between clients and resolvers.
Dot1Q
Dot1Q is the industry-standard networking protocol that tags Ethernet frames with a VLAN identifier, allowing multiple virtual LANs to share the same physical network link.
Double Data Rate
Double Data Rate (DDR) is a technology that doubles the data transfer rate of a memory or bus by sending data on both the rising and falling edges of the clock signal, effectively doing twice as much work per clock cycle.
dpkg
dpkg is the base package management tool for Debian-based Linux systems used to install, remove, and manage individual software packages with .deb extension.
DREAD
DREAD is a qualitative risk assessment model used to rank threats by evaluating Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.
Drive wiping
Drive wiping is the process of completely and permanently erasing all data on a storage drive so that it cannot be recovered.
Driver rollback
Driver rollback is a Windows tool that reverts a device driver to its previous version to fix problems caused by a recent driver update.
DRother
An OSPF router that lost the DR/BDR election on a multi-access segment.
DSCP
DSCP (Differentiated Services Code Point) is a 6-bit field in an IP packet header used to classify and prioritize network traffic for Quality of Service (QoS).
DSL
DSL (Digital Subscriber Line) is a technology that uses existing telephone lines to provide high-speed internet access without interrupting your phone service.
DTP
Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol used to automatically negotiate whether a switch port should operate in access mode or trunk mode.
du
du is a command-line tool used in Unix-like operating systems to estimate and display the disk space used by files and directories.
Dual In-line Memory Module
A Dual In-line Memory Module (DIMM) is a small circuit board that holds memory chips and plugs into a computer's motherboard to provide Random Access Memory (RAM).
Due care
Due care is the legal and ethical duty of an organization to take reasonable steps to protect sensitive information and IT systems from harm.
Due diligence
Due diligence is the process of systematically reviewing and verifying information, policies, and procedures to identify and manage risks before making a decision or taking an action in an IT or security context.
Dumpster diving
Dumpster diving is the practice of searching through trash to find discarded information or equipment that can be used to compromise security.
Duplex mismatch
A duplex mismatch occurs when two connected network devices are configured with different duplex settings (one half-duplex, one full-duplex), leading to poor performance and data errors.
Duplexing assembly
A hardware component in a printer that automatically flips paper to print on both sides.
Durable Functions
Durable Functions is an extension of Azure Functions that lets you write stateful workflows in code, managing complex sequences of tasks, retries, and delays automatically.
Dynamic ARP Inspection
Dynamic ARP Inspection is a security feature that validates ARP packets on a network to prevent man-in-the-middle attacks by ensuring that only legitimate ARP messages are forwarded.
Dynamic auto
Dynamic auto is a switchport trunking mode where the port will automatically form a trunk if it receives a trunk negotiation request from the other device, but will not actively initiate trunking.
Dynamic Data Masking
Dynamic Data Masking is a security feature that automatically hides sensitive data in query results so that unauthorized users see only masked information, while authorized users see the real data.
Dynamic desirable
A Cisco proprietary switchport mode that makes a port actively request to form a trunk but also allow the port to become a trunk if the connected device requests it.
Dynamic device group
A Dynamic device group is an Azure AD / Microsoft Entra ID feature that automatically adds or removes devices based on membership rules you define.
Dynamic group
A dynamic group is a group in Microsoft Entra ID (Azure AD) whose membership is automatically updated based on user or device attributes, rather than being manually assigned.
Dynamic Host Configuration Protocol
DHCP is a network protocol that automatically assigns IP addresses and other configuration settings to devices so they can communicate on a network.
Dynamic NAT
Dynamic NAT is a method of mapping multiple private IP addresses to a pool of public IP addresses automatically, allowing many devices to share a limited number of public addresses.
Dynamic route
A route that is automatically learned and updated by a router using a routing protocol, rather than being manually configured.
DynamoDB
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.
DynamoDB Streams
DynamoDB Streams is a feature that captures a time-ordered sequence of item-level changes (inserts, updates, deletes) in a DynamoDB table and makes them available for processing or replication.
EAL
EAL, or Evaluation Assurance Level, is a numeric rating from 1 to 7 that measures how thoroughly a computer product has been tested for security, with higher numbers indicating more rigorous testing.
EAP
EAP is a flexible authentication framework used in network access control, supporting multiple methods like passwords, certificates, and tokens.
EAPoL
EAPoL is a network authentication protocol that encapsulates EAP frames over IEEE 802 LANs, enabling port-based access control.
Earned Value Management
Earned Value Management (EVM) is a project management technique that measures project performance by comparing planned work with completed work and actual costs to forecast outcomes.
EBGP Multihop
EBGP Multihop is a configuration that allows two BGP routers to form an external BGP session even when they are not directly connected by a single physical cable.
EBS
Amazon Elastic Block Store (EBS) provides persistent, high-performance block storage volumes for use with Amazon EC2 instances in the cloud.
EBS encryption
EBS encryption is a security feature that automatically encrypts data stored on Amazon Elastic Block Store volumes, protecting it at rest and in transit between the volume and the attached EC2 instance.
EBS snapshot
An EBS snapshot is a point-in-time backup of an Amazon Elastic Block Store volume that you can use for recovery, cloning, or migration.
EBS volume types
Amazon Elastic Block Store (EBS) volume types are different categories of block-level storage volumes optimized for specific performance, cost, and use case requirements in the AWS cloud.
EC2
Amazon Elastic Compute Cloud (EC2) is a web service that provides resizable compute capacity in the cloud, allowing you to run virtual servers on demand.
EC2 Image Builder
EC2 Image Builder is a managed AWS service that simplifies the creation, customization, validation, and distribution of virtual machine images (Amazon Machine Images or AMIs) for use with EC2 instances.
ECC
ECC (Elliptic Curve Cryptography) is a public-key cryptographic method that uses the mathematics of elliptic curves to provide strong security with smaller key sizes than older methods like RSA.
Economies of scale
Economies of scale is the cost advantage that businesses get when production becomes more efficient as they grow larger, reducing the cost per unit.
ECR
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that stores, manages, and deploys container images securely.
ECS
Amazon Elastic Container Service (ECS) is a fully managed container orchestration service that allows you to run, stop, and manage Docker containers on a cluster of AWS resources.
Edge location
An edge location is a site deployed by a content delivery network that caches copies of data closer to users to reduce latency and improve access speed.
Edge network
An edge network is a distributed computing architecture that brings data processing and storage closer to the physical location where data is generated, rather than relying on a central data center.
eDiscovery
eDiscovery is the process of identifying, collecting, and producing electronic information for legal cases or investigations.
EDR
Endpoint Detection and Response (EDR) is a cybersecurity technology that continuously monitors endpoint devices to detect, investigate, and respond to advanced threats.
EDR alert
An EDR alert is a notification generated by Endpoint Detection and Response software when it detects potentially malicious activity or an anomaly on a device like a laptop, server, or workstation.
EFS
Amazon Elastic File System (EFS) is a scalable, fully managed cloud file storage service that allows multiple AWS compute instances to access shared data concurrently over the network.
EIGRP
EIGRP is an advanced distance-vector routing protocol that uses bandwidth and delay by default to find the best path for data packets across a computer network.
EIGRP Authentication
EIGRP authentication is a security feature that verifies the identity of routers exchanging routing information to prevent unauthorized or malicious updates.
EIGRP Named Mode
EIGRP Named Mode is a modern configuration method for the EIGRP routing protocol that uses a hierarchical, interface-first approach with named configuration blocks instead of the older autonomous system number method.
EIGRP Route Summarization
EIGRP route summarization is a technique that combines multiple specific network routes into one summary route to reduce routing table size and improve network stability.
EIGRP Stub Routing
EIGRP stub routing is a feature that restricts a router from learning routes from neighbors and limits the routes it advertises, improving network stability and reducing resource usage in remote or spoke locations.
EKS
Amazon Elastic Kubernetes Service (EKS) is a managed service that lets you run Kubernetes clusters on AWS without needing to install and operate your own Kubernetes control plane or nodes.
Elastic Beanstalk
AWS Elastic Beanstalk is a Platform as a Service (PaaS) that automates the deployment, scaling, and management of web applications and services so developers can focus on code instead of infrastructure.
Elastic IP
An Elastic IP is a static, public IPv4 address that you can allocate to your cloud account and remap to different resources, masking failures by allowing quick reassignment.
Elastic Load Balancer
An Elastic Load Balancer automatically distributes incoming application or network traffic across multiple targets, such as Amazon EC2 instances, containers, or IP addresses, in one or more Availability Zones.
Elastic Load Balancing
A cloud service that automatically distributes incoming network traffic across multiple targets, such as servers or containers, to ensure applications remain fast, reliable, and available.
Elastic scaling
Elastic scaling is the automatic addition or removal of computing resources to match current demand exactly, allowing systems to handle workload changes without manual intervention.
ElastiCache
Amazon ElastiCache is a fully managed, in-memory caching service that speeds up data retrieval from databases and applications by storing frequently accessed data in memory.
Elasticity
Elasticity is the ability of a cloud system to automatically add or remove computing resources (like servers, storage, or bandwidth) in response to real-time changes in demand.
Electrostatic discharge
Electrostatic discharge (ESD) is the sudden flow of electricity between two objects with different electrical charges, often caused by built-up static electricity, which can damage sensitive electronic components.
Elliptic curve cryptography
Elliptic curve cryptography is a type of public-key cryptography that uses the mathematics of elliptic curves to create smaller, faster, and more efficient cryptographic keys compared to older methods like RSA.
ELT
ELT (Extract, Load, Transform) is a data integration process where raw data is extracted from source systems, loaded directly into a target system like a data lake or warehouse, and then transformed as needed for analysis.
Embedded SIM
An embedded SIM is a small, soldered chip inside a device that works like a traditional SIM card but can be programmed remotely, letting you switch mobile carriers without swapping a physical card.
Embedding
Embedding is the process of converting high-dimensional data like text or images into a lower-dimensional numerical vector that captures semantic meaning for use in machine learning models.
Emotional Intelligence
Emotional Intelligence is the ability to recognize, understand, and manage your own emotions and the emotions of others to communicate and lead effectively.
EMS
EMS (Enterprise Mobility + Security) is a Microsoft 365 suite that combines mobile device management, mobile application management, identity protection, and information protection tools to securely manage users, devices, and data in a cloud-first environment.
enable secret
A Cisco IOS command that sets a password to protect privileged EXEC mode (enable mode) using a strong, one-way cryptographic hash (MD5 by default), replacing the weaker 'enable password' command.
Encapsulation
Encapsulation is the process of wrapping data with protocol headers and trailers before sending it across a network.
EnCase Forensic
EnCase Forensic is a digital forensics software suite used by investigators to acquire, analyze, and report on data from computers and mobile devices in a legally admissible way.
Encrypting File System
The Encrypting File System (EFS) is a Windows feature that encrypts individual files and folders on an NTFS volume so that only authorized users can read them.
Encryption
Encryption is the process of converting readable data into a secret code to prevent unauthorized access.
Encryption at rest
Encryption at rest is the practice of securing stored data by converting it into an unreadable format using cryptographic algorithms, so that even if physical or digital access to the storage medium is obtained, the data remains confidential.
Encryption in transit
Encryption in transit is the process of scrambling data as it moves between two points over a network so that anyone who intercepts it cannot read it.
Encryption key
An encryption key is a string of random characters used by an algorithm to lock (encrypt) and unlock (decrypt) data, ensuring only authorized parties can read it.
End-of-life
End-of-life means a product or service is no longer being sold, updated, or supported by the manufacturer, and users should plan to upgrade or replace it.
End-of-support
End-of-support means a company will no longer provide updates, security patches, or technical help for a product, leaving it open to risks.
End-user License Agreement
An End-user License Agreement (EULA) is a legal contract between a software creator and the person who installs or uses the software, outlining what the user can and cannot do with it.
Endpoint
An endpoint is any device that connects to a network and communicates with other devices or services, such as a laptop, smartphone, or server.
Endpoint analytics
Endpoint analytics is the practice of collecting and analyzing data from user devices to monitor their health, performance, and security in real time.
Endpoint detection and response
Endpoint detection and response (EDR) is a cybersecurity solution that continuously monitors endpoint devices for suspicious activity and automatically responds to threats to stop attacks in real time.
Endpoint Manager
Endpoint Manager is a centralized software tool that IT administrators use to manage, secure, and monitor all devices (endpoints) connected to a corporate network.
Endpoint Manager admin center
The Endpoint Manager admin center is a unified web-based console in Microsoft Intune and Microsoft Endpoint Configuration Manager that IT administrators use to manage, secure, and monitor all devices across an organization.
Endpoint protection
Endpoint protection is a security approach that safeguards devices like laptops, phones, and servers from malicious threats by monitoring, detecting, and blocking attacks at the device level.
Endpoint security baseline
An endpoint security baseline is a set of minimum security configurations and controls applied to devices like laptops, servers, and mobile devices to protect against threats.
Endpoint security policy
An endpoint security policy is a set of rules that controls how devices like laptops, phones, and servers connect to a network and what security protections they must have to keep data safe.
Endpoint telemetry
Endpoint telemetry is the automated collection and transmission of security-relevant data from devices like laptops, servers, and phones to a central monitoring system for threat detection and analysis.
Engage
Engage is the third stage of the ITIL service lifecycle where service strategies are put into action through design, transition, and operation to deliver value to customers.
Enhanced fan-out
Enhanced fan-out is a data distribution technique that copies a single message or data stream to multiple consumers or destinations in a reliable, scalable, and often ordered manner.
Enhanced Interior Gateway Routing Protocol
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary advanced distance-vector routing protocol that calculates the best path through a network using multiple metrics, with fast convergence and loop-free routing.
Enrollment profile
An enrollment profile is a set of rules and settings that tells a device or user how to join and follow an organization’s network, security, and application policies.
Enrollment status page
An Enrollment status page is a device management interface that shows whether a computer or mobile device has been properly registered, configured, and enrolled into an organization's management system.
Enterprise Mobility and Security
Enterprise Mobility and Security is a Microsoft 365 suite of cloud services that secures and manages mobile devices, apps, and data within an organization.
Enterprise risk management
Enterprise risk management is the systematic process of identifying, assessing, and responding to risks that could affect an organization’s ability to achieve its objectives.
Entitlement management
Entitlement management is the process of controlling who has access to what resources in an organization through automated policies, approvals, and lifecycle management.
Entity extraction
Entity extraction is the process of automatically identifying and classifying named entities in text, such as people, organizations, locations, dates, and technical terms, turning unstructured data into structured information.
Enumeration
Enumeration is the systematic process of extracting detailed information about a target system, such as user accounts, network shares, services, and configurations, used during the reconnaissance phase of a security assessment.
Environment
An environment is a dedicated set of computing resources, configurations, and services used to develop, test, or host software applications in a controlled and repeatable way.
Environment Variables in Pods
Environment variables in pods are key-value pairs that pass configuration data into containerized applications running in Kubernetes, letting the app read settings without hardcoding them.
EOL
End of Life (EOL) is the date when a vendor stops selling, supporting, or patching a product, requiring migration to avoid security and compliance risks.
EOS
EOS (End of Support) marks the date when a vendor stops providing technical assistance, patches, and firmware updates for a product.
Epic
An Epic is a large, high-level work item in Azure DevOps that represents a significant body of work, typically broken down into smaller features and user stories for agile project management.
Eradication
Eradication is the phase in incident response where the root cause of a security breach is completely removed from the system to prevent the attack from happening again.
Err-disabled
Err-disabled is a switch port state that occurs when the switch detects a critical error on that port and automatically shuts it down to protect the network.
Error budget
An error budget is the maximum amount of acceptable downtime or failure a system can experience within a specified period while still meeting its Service Level Objective (SLO).
Error message
An error message is a notification from a computer or application that tells you something has gone wrong, often including a code or description to help identify the issue.
Error Reporting
Error Reporting is the automated process of capturing, logging, and notifying relevant systems or personnel about errors that occur in software, hardware, or network components to facilitate diagnosis and resolution.
Error-correcting Code
Error-correcting code (ECC) is a method used by computer memory to automatically detect and fix single-bit errors without crashing or corrupting data.
Escalation path
An escalation path is a predefined process that determines how an incident or issue is raised to higher-level support or management when it cannot be resolved at the current level.
ESD
Electrostatic Discharge is the sudden flow of electricity between two electrically charged objects caused by contact or an electrical short, which can damage sensitive electronic components.
eSIM
An embedded SIM (Subscriber Identity Module) that is permanently soldered into a device and can be reprogrammed remotely to connect to a mobile network without needing a physical SIM card.
ESP
ESP (Encapsulating Security Payload) is a core protocol in IPsec that provides confidentiality, data integrity, and authentication for VPN traffic by encrypting and optionally authenticating the payload of IP packets.
ESP
ESP (Encapsulating Security Payload) provides confidentiality, data origin authentication, connectionless integrity, and anti-replay protection for IP packets.
ESSID
ESSID (Extended Service Set Identifier) is the human-readable name of a wireless network that identifies an extended service set across multiple access points.
etcd Backup and Restore
Etcd backup and restore is the process of saving and recovering the key-value store that holds all Kubernetes cluster data, ensuring the cluster can be rebuilt after a disaster or corruption.
etcd Encryption
etcd encryption is the process of protecting data stored in etcd, the key-value store used by Kubernetes, by encoding it so that unauthorized users cannot read it even if they gain access to the storage.
EtherChannel
EtherChannel is a technology that bundles multiple physical Ethernet links into a single logical link to increase bandwidth and provide redundancy.
EtherChannel Load Balancing
EtherChannel Load Balancing is the method used to distribute network traffic across multiple physical links within a single logical EtherChannel bundle to optimize bandwidth and avoid congestion.
Ethernet
Ethernet is a wired networking technology that connects devices like computers, printers, and servers to each other and to the internet using cables.
ETL
ETL stands for Extract, Transform, Load, a process that moves data from multiple source systems into a single database, data warehouse, or data lake for analysis and reporting.
ETL vs ELT Design
ETL and ELT are two different ways to move and transform data from source systems into a data warehouse or data lake, differing in where and when the transformation happens.
EUI-64
EUI-64 is a method for creating a 64-bit interface identifier from a 48-bit MAC address, used to form an IPv6 link-local or stateless address auto-configuration (SLAAC) address.
EULA
A EULA is a legally binding contract between a software developer and the user that outlines how the software can be used and what the user agrees to before installation or first use.
Evaluation assurance level
A rating from the Common Criteria that measures how thoroughly a computer product or system has been tested and verified for security.
Event
An event is any identifiable occurrence or action in a computer system, network, or application that can be logged, monitored, or analyzed for security or operational purposes.
Event Hub
Event Hub is a cloud-based data streaming service that ingests and processes millions of events per second from devices, applications, or systems in real time.
Event log
An event log is a file or record that stores a chronological list of events, changes, errors, or security incidents occurring on a computer system or network.
Event Viewer
Event Viewer is a built-in Windows tool that logs system, security, and application events to help administrators monitor and troubleshoot issues.
Event-driven architecture
Event-driven architecture is a software design pattern where components communicate by producing, detecting, and reacting to events, enabling decoupled, scalable, and responsive systems.
EventBridge
Amazon EventBridge is a serverless event bus service that connects application components by routing events from various sources to targets like AWS services or custom endpoints.
Events in Kubernetes
Events in Kubernetes are timestamped records that capture state changes, errors, and important actions happening inside a cluster, helping administrators and tools monitor and troubleshoot the system.
Evidence
Evidence is any data or documentation that proves an event, action, or condition occurred, crucial for verifying compliance, security incidents, or system changes.
Evidence Admissibility
Evidence admissibility is the legal and technical standard that determines whether digital evidence can be used in a court of law.
Evidence handling
Evidence handling is the process of properly collecting, preserving, documenting, and storing digital evidence to maintain its integrity and admissibility in legal or administrative proceedings.
Evidence preservation
Evidence preservation is the process of protecting and maintaining digital data in its original state so it can be used in legal or investigative proceedings without being altered or corrupted.
Evil twin
An evil twin attack is a rogue wireless access point that impersonates a legitimate network to intercept or manipulate user traffic.
Evil Twin Attack
An evil twin attack is a type of wireless hacking where a fake Wi-Fi access point mimics a legitimate one to trick users into connecting, allowing the attacker to intercept traffic and steal data.
Exam domain
An exam domain is a major topic area or category of knowledge that a certification exam tests, like a chapter in a study guide.
Exam objective
An exam objective is a specific topic or skill that a certification exam will test you on, listed in an official document from the exam provider.
Exchange admin center
The Exchange admin center (EAC) is a web-based management console used by IT administrators to manage email, calendars, contacts, and other mail-related features in Microsoft Exchange Server or Exchange Online.
Exchange Online
Exchange Online is Microsoft's cloud-based email, calendar, and contact hosting service that is part of the Microsoft 365 suite, allowing organizations to manage corporate messaging without maintaining their own mail servers.
Exchange role
An Exchange role is a specific set of server functions within Microsoft Exchange Server that handles a portion of the email messaging system, such as mailbox management, client access, or message transport.
Execution role
An execution role is a set of permissions assigned to a service or resource that defines what actions it can perform on other AWS or cloud resources on your behalf.
Executive summary
An executive summary is a concise overview of a longer document that highlights the key points, findings, and recommendations so busy stakeholders can quickly grasp the essential information without reading the full report.
exFAT
exFAT is a file system created by Microsoft for flash drives and memory cards that allows files larger than 4 GB to be stored and works across both Windows and macOS.
Exit code
An exit code (or return code) is a numeric value that a program or script sends back to the operating system after it finishes running, signaling whether it succeeded or failed.
Exit interface
The exit interface is the network interface through which a router forwards a packet out of the router after matching a route in its routing table.
Expansion slot
An expansion slot is a socket on a computer's motherboard that allows you to add extra hardware components, like a graphics card or network card, to improve the system's capabilities.
Exploit
An exploit is a piece of code, a sequence of commands, or a technique that takes advantage of a vulnerability in a system or software to cause unintended behavior, often for malicious purposes.
Exploit Databases
An exploit database is a curated collection of known software vulnerabilities, proof-of-concept exploit code, and security research findings used by ethical hackers and security professionals to test and defend systems.
Exploitability
Exploitability is a measure of how easy or difficult it is for an attacker to take advantage of a vulnerability in a system or software.
Exploitation
Exploitation is the act of using a vulnerability or weakness in a system, network, or application to gain unauthorized access, cause damage, or extract data.
Exposure
Exposure is the measure of potential loss or harm to an organization's assets when a vulnerability is exploited by a threat, often expressed as the window of time or degree of access an attacker has.
Exposure factor
Exposure factor is the percentage of an asset's value that would be lost if a specific threat event occurs, used to calculate the single loss expectancy in risk analysis.
Express workflow
An Express workflow is a sequence of automated steps in a server-side web application, typically built with the Express.js framework, that handles requests and responses efficiently.
ExpressRoute
ExpressRoute is a cloud service that creates a private, dedicated network connection between your on-premises infrastructure and Microsoft Azure, bypassing the public internet for faster, more reliable data transfer.
ExpressRoute Design
ExpressRoute Design is the process of planning a dedicated, private network connection from an on-premises data center to Microsoft Azure, bypassing the public internet for improved reliability and speed.
ext4
ext4 is the default file system for many Linux distributions, designed to store and manage files on a hard drive or SSD with journaling, large volume support, and backward compatibility.
Extended ACL
An extended access control list (ACL) is a set of rules that filters network traffic based on source and destination IP addresses, protocol type, and port numbers, providing more granular control than a standard ACL.
Extended Detection and Response
Extended Detection and Response (XDR) is a security approach that collects and analyzes data from multiple sources like endpoints, networks, servers, and email to detect and stop threats more effectively.
Extended File Allocation Table
Extended File Allocation Table (exFAT) is a file system created by Microsoft that allows very large files and large storage volumes to be used across different operating systems like Windows and macOS.
Extended File System
The Extended File System (ext) is a foundational file system family used in Linux operating systems to organize and manage data on storage devices.
Extended Service Set Identifier
An Extended Service Set Identifier (ESSID) is the name of a wireless network that uses multiple access points to cover a larger area, allowing devices to roam seamlessly between them.
Extensible Authentication Protocol
Extensible Authentication Protocol (EAP) is a flexible authentication framework used in network access control, particularly in wireless and point-to-point connections, that supports multiple authentication methods without requiring changes to the underlying protocol.
Extensible Authentication Protocol over LAN
EAP over LAN (EAPoL) is a protocol that carries authentication messages between a device and a network access point before the device is allowed to connect to the network.
Extensible Markup Language
Extensible Markup Language (XML) is a markup language that defines rules for encoding documents in a format that is both human-readable and machine-readable.
External identity
External identity refers to a digital identity that originates from a source outside your organization, such as a social media account or another company's directory, and is used to grant access to your applications or resources.
External Serial Advanced Technology Attachment
External Serial Advanced Technology Attachment is a standard interface for connecting external storage devices like hard drives and SSDs to a computer using a high-speed serial cable.
External sharing
External sharing is the process of granting access to an organization's internal resources, such as documents or sites, to users who are not part of the organization's own identity system.
Fabric Fundamentals
Fabric Fundamentals is the set of core concepts behind a network fabric, where switches and routers form a single logical system that simplifies traffic forwarding and automation.
Face detection
Face detection is an AI service that identifies and locates human faces in images or video, distinguishing them from other objects or backgrounds.
Face unlock
Face unlock is a biometric security feature that uses facial recognition technology to authenticate a user by analyzing unique facial features.
Facial Recognition Technology
Facial recognition technology is a biometric security method that identifies or verifies a person by analyzing and comparing patterns of their facial features.
Faded print
Faded print is a printer output defect where text or images appear lighter or less distinct than intended, often due to low toner or ink, worn components, or incorrect settings.
fail2ban
Fail2ban is a security tool that monitors log files for repeated authentication failures and temporarily bans the offending IP addresses using firewall rules.
Failover
Failover is the automatic switching to a backup system when the primary system fails, ensuring continuous operation and minimal downtime.
Failover routing
Failover routing is a network design that automatically redirects traffic to a backup path when the primary path fails, keeping services available.
Fairness
Fairness in AI means designing and deploying machine learning models that do not produce biased outcomes against any group of people based on protected characteristics like race, gender, or age.
Falco Runtime Security
Falco Runtime Security is an open-source tool that continuously monitors system and container behavior to detect unexpected or malicious activities.
False negative
A false negative is when a security tool fails to detect a real threat, mistakenly treating it as harmless.
False positive
A false positive is an alert or result that indicates a security threat or vulnerability exists when in fact there is no real issue.
False positive validation
A false positive validation occurs when a security tool incorrectly identifies a legitimate activity, file, or user as a threat.
Fargate
Fargate is an AWS compute engine that lets you run containers without having to manage the underlying servers or clusters.
FAT File System Forensics
FAT File System Forensics is the practice of recovering and analyzing digital evidence from storage devices formatted with the File Allocation Table file system.
FAT32
FAT32 is a file system that organizes and manages how data is stored on storage devices like USB drives and memory cards.
Fault domain
A fault domain is a boundary within a computing environment that groups together components that share a single point of failure, helping to isolate the impact of hardware or software failures.
Fault tolerance
Fault tolerance is the ability of a system to continue operating properly even when one or more of its components fail.
FC
Fibre Channel (FC) is a high-speed network technology primarily used for storage area networks (SANs) to connect servers to shared storage devices.
Feasible Successor
A backup route in an EIGRP network that is immediately available if the primary route fails, without needing to run the Diffusing Update Algorithm (DUAL) again.
Feature
A feature is a distinct unit of functionality that delivers value to the user, often managed and tracked throughout the software development lifecycle.
Feature flag
A feature flag is a software development technique that allows developers to turn features on or off without deploying new code, enabling safer releases and testing.
Feature telemetry
Feature telemetry is the automatic collection and transmission of usage data about specific software features to help organizations understand how those features are being used, identify issues, and improve performance.
Feature update
A Feature update is a major semiannual Windows release that introduces new capabilities, changes the OS build number, and requires careful planning for enterprise deployment.
Feature update policy
A feature update policy is a set of rules that controls how and when new features and capabilities are deployed to software, ensuring consistency, security, and minimal disruption across an organization.
Federated identity
Federated identity is a system that allows users to use one set of login credentials across multiple different organizations' systems and websites without needing to create separate accounts.
Federation
Federation is a system that lets you use one set of login credentials (like your work email and password) to access resources across different organizations or services without needing separate accounts for each one.
Feedback loop
A feedback loop is a process where the output of a system is returned as input to guide and adjust future behavior, helping maintain stability or improve performance.
FHRP
First Hop Redundancy Protocol (FHRP) is a network protocol that provides automatic default gateway failover for hosts on a subnet.
Fiber internet
Fiber internet is a broadband connection that uses strands of glass or plastic to transmit data as pulses of light, offering higher speeds and more reliable service than traditional copper-based connections.
Fiber optic cable
A fiber optic cable is a high-speed data transmission medium that uses pulses of light traveling through thin strands of glass or plastic to carry information over long distances with minimal signal loss.
Fibre Channel
Fibre Channel is a high-speed networking technology used to connect computer data storage to servers, enabling fast and reliable data transfer in enterprise data centers.
FIFO queue
A FIFO queue is a data structure that processes items in the exact order they arrive, like a line at a grocery store where the first person in line is served first.
File association
File association is the operating system configuration that links a specific file type or extension to a default program that can open, edit, or execute that file.
File Explorer
File Explorer is the graphical file management tool in Windows that allows users to navigate, organize, and manage files and folders on their computer.
File Inclusion Attacks
File inclusion attacks exploit web application vulnerabilities to load remote or local files, often allowing attackers to execute code, steal data, or compromise a server.
File permission
A file permission is a security setting that controls who can read, write, or execute a file or directory on an operating system.
File share
A file share is a centralized storage location on a network where multiple users can access, read, write, and manage files simultaneously.
File storage
File storage is a cloud service that organizes and stores data in a hierarchical structure of files and folders, accessible over a network using standard file-sharing protocols.
File Transfer Protocol
File Transfer Protocol (FTP) is a standard network protocol used to transfer files between a client and a server over a TCP/IP network.
File Transfer Protocol Secure
File Transfer Protocol Secure (FTPS) is a secure version of FTP that adds encryption using TLS or SSL to protect data during file transfers.
Fileless malware
Fileless malware is a type of malicious activity that uses legitimate system tools and memory to execute attacks, leaving no traditional file on the hard drive.
Filestore
Google Cloud Filestore is a managed file storage service that lets you mount a network file system (NFS) to multiple virtual machines simultaneously, just like a shared folder on an office network.
FileVault
FileVault is a full-disk encryption feature built into macOS that protects all data on a Mac's startup disk by scrambling it so that only authorized users can unlock and access it.
find
The find command in Unix/Linux is a powerful utility for searching files and directories based on a wide range of criteria such as name, size, type, permissions, and modification time.
Finder
Finder is the default file manager and graphical user interface shell used on macOS to organize, access, and manage files, folders, and applications.
Fingerprint unlock
Fingerprint unlock is a biometric authentication method that uses the unique patterns of a person's fingerprint to verify their identity and grant access to a device or system.
Fingerprinting
Fingerprinting is the process of gathering information about a target system or network to identify its operating system, services, software versions, and configuration details during the reconnaissance phase of a security assessment.
Firestore
Firestore is a flexible, scalable, serverless NoSQL database from Google Cloud that automatically syncs data across applications in real time.
Firewall
A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predetermined security rules to protect trusted internal networks from untrusted external networks.
Firewall Configuration
Firewall configuration is the process of setting rules that control which network traffic is allowed to enter or leave a computer or network, acting as a security gatekeeper.
Firewall log
A firewall log is a record of network traffic that a firewall has allowed or denied, used by IT professionals to monitor security events and troubleshoot connectivity issues.
Firewall rule
A firewall rule is a set of conditions that tells a firewall which network traffic to allow or block based on attributes like source, destination, port, and protocol.
firewalld
firewalld is a dynamic firewall management tool for Linux systems that controls incoming and outgoing network traffic using zones and rules.
Firmware
Firmware is specialized software permanently stored in read-only memory on a hardware device that controls how that device operates at a basic level.
Firmware update
A firmware update is a process that replaces or patches the permanent software programmed into a hardware device to fix bugs, patch security vulnerabilities, or add new features.
First Hop Redundancy Protocol
A First Hop Redundancy Protocol provides automatic backup for the default gateway router on a network so that devices keep working if the primary router fails.
First usable address
The first IP address in a subnet that can be assigned to a host, typically one higher than the network ID.
flatpak
Flatpak is a software utility for Linux that allows you to install, manage, and run applications in a sandboxed environment, making them work across different Linux distributions.
Flex Links
Flex Links is a Cisco switch feature that provides simple, automatic failover between two physical interfaces or port channels to ensure network uptime with minimal configuration.
FlexConnect
Cisco FlexConnect is a wireless architecture that allows branch office access points to operate independently, forwarding traffic locally when the controller connection is lost.
FlexVPN
FlexVPN is a Cisco VPN solution that combines multiple VPN technologies (site-to-site, remote access, and hub-and-spoke) under a single, modular framework based on IKEv2.
Floating static route
A floating static route is a backup route in a routing table that is only used when the primary route fails, because it has a higher administrative distance (lower priority).
Flooding
Flooding is a network switching technique where a switch sends incoming frames out through all its ports except the one it received the frame from, to ensure the frame reaches its destination when the switch does not know the correct port.
Flow control
Flow control is a technique that manages the rate of data transmission between two devices to prevent a fast sender from overwhelming a slow receiver.
Focus on value
Focus on value is an ITIL guiding principle that means every activity, process, and decision in IT service management should directly deliver value to the customer or the business.
Folder
A folder is a logical container used to organize and group digital files, resources, or cloud-based assets within a system or platform.
Folder permission
Folder permission is a security setting that determines which users or groups can access, modify, or manage a folder and its contents on an operating system.
Foreign key
A foreign key is a column or set of columns in a database table that links to the primary key of another table, ensuring relational integrity between the two.
Forensic Evidence Collection
Forensic evidence collection is the process of identifying, preserving, and gathering digital data from computers and devices in a way that keeps it valid for use in legal investigations or internal incident response.
Forensic image
A forensic image is an exact, bit-for-bit copy of a storage device, including all deleted and hidden data, created and preserved for digital investigation.
Forensic Investigation Process
The forensic investigation process is a structured series of steps used to collect, preserve, analyze, and present digital evidence from computers and networks for legal or internal purposes.
Form factor
Form factor is the physical size, shape, and layout of a hardware component that determines how it fits and connects inside a computer or device.
Form recognizer
A cloud-based service that uses machine learning to extract text, key-value pairs, and tables from documents like invoices and receipts.
Forwarding state
A Spanning Tree Protocol port state where the port is fully operational, forwarding both data frames and BPDUs, and is part of the active loop-free topology.
FQDN
A complete domain name that specifies the exact location of a host in the DNS hierarchy, ending with a trailing dot.
Frame
A frame is a unit of data at the Data Link layer of networking, containing header, payload, and trailer information for local network delivery.
Frame forwarding
Frame forwarding is the process by which a network switch or bridge receives a data unit called a frame on one port and transmits it out the appropriate destination port based on the MAC address table.
Free Tier
A Free Tier is a limited, no-cost service level offered by cloud providers that lets users explore and test features without paying.
Fresh Start
Fresh Start is a Windows deployment and recovery feature that reinstalls Windows while removing all pre-installed manufacturer applications, aiming to restore the operating system to a clean, original state.
fsck
fsck is a command-line tool that checks and repairs inconsistencies in a file system, ensuring data integrity.
fstab
fstab is a system configuration file in Linux that defines how and where storage devices and partitions are mounted at boot time.
FSx
Amazon FSx is a fully managed Windows file server and Lustre file system service that provides native file storage for Windows workloads and high-performance computing (HPC) in the AWS cloud.
FTK Imager
FTK Imager is a free forensic imaging tool used to create exact copies of computer drives and storage devices for digital evidence analysis.
FTP
FTP, or File Transfer Protocol, is a standard network protocol used to transfer files between a client and a server over a TCP/IP network.
FTPS
FTPS (File Transfer Protocol Secure) adds TLS/SSL encryption to standard FTP, protecting data and credentials during file transfers.
Full backup
A full backup is a complete copy of all selected data, files, or system state, serving as the foundation for any backup strategy.
Full duplex
Full duplex is a communication mode where data can be sent and received simultaneously between two parties, like a two-way conversation without interruptions.
Full packet capture
Full packet capture is the process of recording every single data packet that travels across a network segment, including headers and payload, for later analysis.
Fully Qualified Domain Name
A Fully Qualified Domain Name is the complete and unambiguous website or server name that includes the host, domain, and top-level domain, leaving no room for guesswork.
Function As A Service
Function as a Service (FaaS) is a cloud computing model that lets you run small pieces of code in response to events without managing servers or infrastructure.
Functions
A function is a reusable block of code that performs a specific task, taking inputs, processing them, and returning a result, helping to organize and automate IT workflows.
Fuser assembly
The fuser assembly is the part of a laser printer that uses heat and pressure to permanently bond toner particles to paper.
Gateway endpoint
A gateway endpoint is a networking component that acts as an entry and exit point for traffic between two different networks, typically translating between incompatible protocols or addressing schemes.
gcloud CLI
The gcloud CLI is a command-line tool that lets you manage Google Cloud resources by typing commands instead of clicking through a web interface.
GDPR
The General Data Protection Regulation (GDPR) is a European Union law that sets strict rules for how organizations collect, store, process, and protect the personal data of individuals within the EU.
General Data Protection Regulation
A European Union law that gives individuals control over their personal data and sets strict rules for how organizations collect, store, and process that data.
General management practice
General management practice refers to the set of established methods, principles, and processes used to plan, organize, direct, and control resources and activities within an organization, applied here specifically to IT service management as defined in ITIL.
Generative AI
Generative AI is a type of artificial intelligence that creates new content—like text, images, or code—by learning patterns from existing data.
Geo-redundant storage
Geo-redundant storage is a data storage strategy that automatically copies and maintains data in at least two geographically separated locations to protect against regional disasters and ensure high availability.
GET VPN
Group Encrypted Transport VPN is a Cisco technology that secures IP multicast and unicast traffic across a wide area network using a shared security association rather than point-to-point tunnels.
getfacl
getfacl is a Linux/Unix command that displays the Access Control Lists (ACLs) for files and directories, showing detailed permissions beyond the standard user-group-other model.
Ghosting
Ghosting is a printing defect where faint, unintended images or text appear on printed pages, often due to residual toner or ink left on a component from a previous print cycle.
Git
Git is a version control system that tracks changes to files so multiple people can work on the same project without overwriting each other's work.
Gitflow
Gitflow is a branching model for Git that defines a structured set of branch types and workflows to manage feature development, releases, and hotfixes in software projects.
GitHub
GitHub is a cloud-based platform for storing, tracking, and collaborating on code using Git version control.
GitHub Actions
GitHub Actions is an automation platform that lets you build, test, and deploy code directly from GitHub repositories using custom workflows.
GitHub Advanced Security
GitHub Advanced Security is a suite of security tools integrated into GitHub that helps developers find and fix vulnerabilities, secrets, and code quality issues directly in their repositories.
GitOps
GitOps is a way to manage and automate cloud infrastructure and applications by using a Git repository as the single source of truth, where all changes are made through pull requests and automatically applied by a software agent.
GKE
GKE is Google's managed Kubernetes service that automates deploying, scaling, and managing containerized applications in the cloud.
GKE Autopilot
GKE Autopilot is a managed mode of Google Kubernetes Engine that automatically handles node provisioning, scaling, and maintenance so you only pay for your running pods.
GKE Standard
GKE Standard is a Google Kubernetes Engine cluster mode where you pay for the underlying virtual machines and manage the cluster infrastructure yourself, including node pools and scaling decisions.
Glacier
Amazon S3 Glacier is a cloud storage service designed for long-term data archiving and backup, offering very low storage costs in exchange for longer retrieval times.
GLBP
GLBP (Gateway Load Balancing Protocol) is a Cisco proprietary protocol that provides automatic failover and load balancing for default gateways on a local area network.
Global Accelerator
A networking service that improves the performance and reliability of applications by directing user traffic through the optimal global network path.
Global infrastructure
Global infrastructure refers to the worldwide network of data centers, servers, and connectivity resources that cloud providers use to deliver services reliably and at scale to users across the globe.
Global load balancer
A global load balancer distributes incoming network traffic across multiple servers located in different geographic regions to improve performance, reliability, and availability.
Global Positioning System
A satellite-based navigation system that provides location and time information to a receiver anywhere on Earth, as long as it has a clear line of sight to the sky.
Global secondary index
A Global Secondary Index (GSI) is a schema on a database table that lets you query data using an alternate key, with its own provisioned throughput, and it spans all partitions in a distributed system.
Global table
A global table is a single database table that is automatically replicated across multiple geographic regions, allowing applications to read and write data with low latency from anywhere in the world.
Global VNet peering
Global VNet peering is a networking feature that connects two virtual networks located in different Azure regions, allowing resources in each network to communicate directly through the Microsoft backbone.
Golden ticket
A forged Kerberos authentication ticket that grants an attacker unrestricted domain admin access to all resources in a Windows Active Directory environment.
Google Cloud
Google Cloud is a suite of cloud computing services offered by Google that provides infrastructure, platform, and software solutions over the internet.
Google Cloud project
A Google Cloud project is a container that holds all your cloud resources like virtual machines, databases, and storage, acting as the main building block for organizing and managing everything you do in Google Cloud.
Google Cloud region
A Google Cloud region is a specific geographic location where you can deploy and run cloud resources, consisting of at least three zones to provide high availability and low latency.
Google Cloud zone
A Google Cloud zone is a deployable location within a region where you can place your cloud resources like virtual machines and storage.
Google dorking
Google dorking is the practice of using advanced search operators in Google to uncover sensitive information that companies or individuals unintentionally expose on the internet.
Google Drive
Google Drive is a cloud-based file storage and synchronization service that lets you store, share, and access files from any device with an internet connection.
Google Kubernetes Engine
Google Kubernetes Engine (GKE) is a managed Kubernetes service on Google Cloud that lets you deploy, scale, and manage containerized applications without having to operate the underlying cluster control plane.
Governance
Governance is the framework of policies, processes, and controls that ensures IT activities align with business goals and comply with regulations.
GPG
GPG (GNU Privacy Guard) is a free, open-source encryption tool that allows users to securely encrypt, decrypt, and sign data and communications.
GPU
A GPU (Graphics Processing Unit) is a specialized processor that handles the rendering of images, video, and animations for display output and can also be used for general-purpose parallel computing tasks.
Grandfather-Father-Son
A tape backup rotation scheme where three sets of backup media are used: daily (son), weekly (father), and monthly (grandfather) to balance storage cost and data recovery capability.
Graphical User Interface
A visual way for users to interact with a computer using icons, menus, and windows instead of typing text commands.
Graphics Processing Unit
A specialized electronic circuit designed to rapidly manipulate and alter memory to accelerate the creation of images in a frame buffer intended for output to a display.
GRE
GRE (Generic Routing Encapsulation) is a tunneling protocol that encapsulates packets inside other packets to transport them across incompatible networks.
GRE
Generic Routing Encapsulation is a tunneling protocol that wraps packets of one protocol inside another protocol to transport them across an intermediary network.
GRE Tunnel
A GRE tunnel is a method that wraps one network protocol inside another, allowing data to travel across a network that might not support that protocol directly.
grep
grep is a command-line tool that searches through text for lines matching a pattern, used by IT professionals to quickly find information in files or command output.
Group
A group is a collection of users, devices, or other objects that are assigned permissions and policies together for simplified management in identity and governance systems like Microsoft Entra ID.
Group lifecycle
Group lifecycle is the process that governs how a security group is created, modified, used, and eventually removed within an identity and access management system.
Group Policy
Group Policy is a Windows-based feature that allows administrators to centrally manage and enforce settings for users and computers across an organization.
groupadd
groupadd is a Linux command that creates a new user group on a system, used to organize users and manage permissions collectively.
GRS
GRS (Georedundant Storage) is a data replication method that copies your stored data to a secondary region hundreds of miles away to protect against regional disasters.
GRUB
GRUB (Grand Unified Bootloader) is a boot loader package that loads and manages the operating system startup process on Linux and other Unix-like systems.
GuardDuty
AWS GuardDuty is a managed threat detection service that continuously monitors for malicious activity and unauthorized behavior in an AWS environment.
Guest access
Guest access allows a user to temporarily connect to a network, application, or shared resource with limited permissions, without being a permanent member of the organization.
Guest user
A guest user is a temporary or limited-access account that allows someone to use a system, network, or application without full user privileges and often without a permanent identity.
GUI
A Graphical User Interface (GUI) is a visual way for users to interact with a computer or device using icons, buttons, and windows instead of typing text commands.
GUID
A GUID is a 128-bit identifier used to uniquely identify resources across all systems and networks.
GUID Partition Table
A GUID Partition Table (GPT) is a modern standard for organizing and managing partitions on a storage drive, replacing the older Master Boot Record (MBR) system.
Guideline
A guideline is a recommended set of best practices or instructions that provide direction for implementing, managing, or governing IT processes, without being strictly mandatory or enforced like a policy.
Guiding principles
Guiding principles are a set of fundamental, universal recommendations that guide an organization in all its actions and decision-making, especially when adopting service management practices like ITIL.
GWLB
AWS Gateway Load Balancer is a cloud service that distributes traffic to third-party virtual appliances like firewalls and intrusion detection systems at scale.
Half duplex
Half duplex is a data transmission mode that allows communication in both directions, but only one direction at a time, like a walkie-talkie.
Hard Disk Drive
A hard disk drive (HDD) is a data storage device that uses spinning magnetic platters and a moving read/write head to store and retrieve digital information.
Hard Drive Troubleshooting
Hard drive troubleshooting is the process of identifying, diagnosing, and fixing problems with a computer's storage device so that data can be saved or retrieved correctly.
Hard link
A hard link is a directory entry that associates a name with a file's data on a storage device, allowing multiple filenames to point to the same underlying inode and data blocks.
Hardening
Hardening is the process of securing a computer system or network by reducing its attack surface, disabling unnecessary services, and applying security configurations.
Hardening checklist
A hardening checklist is a systematic list of security steps used to reduce vulnerabilities in a computer system, network, or application.
Hardware security module
A specialized hardware appliance that securely generates, stores, and manages cryptographic keys in a tamper-resistant environment for enterprise security systems.
Hash cracking
Hash cracking is the process of attempting to reverse a hashed value back to its original plaintext input, typically used by attackers to recover passwords or by security professionals to test password strength.
Hashcat
Hashcat is a powerful password recovery tool that uses various attack methods to crack password hashes, widely used by security professionals and penetration testers.
Hashing
Hashing is a one-way mathematical function that converts any input data into a fixed-length string of characters, called a hash or digest, which is used to verify data integrity and store passwords securely.
HDD
A Hard Disk Drive (HDD) is a data storage device that uses spinning magnetic disks to read and write digital information.
Health check
A health check is an automated test that monitors whether a system, application, container, or network service is running correctly and can respond to requests.
Heat sink
A heat sink is a piece of metal attached to a computer component that pulls heat away from it and spreads it into the air so the part does not overheat.
Hello packet
A Hello packet is a small OSPF message sent by routers to discover neighboring routers, establish and maintain neighbor relationships, and elect a Designated Router on multiaccess networks.
Hello timer
The Hello timer is the interval at which an OSPF router sends Hello packets to discover and maintain neighbor relationships on a network segment.
Helm Charts
Helm Charts are packages of pre-configured Kubernetes resources that let you install, upgrade, and manage complex applications on a Kubernetes cluster with a single command.
Here document
A here document is a scripting feature that allows you to embed a block of text or code directly inside a script without needing to use multiple echo or print statements, and it can include variables and special characters.
High availability
High availability is a system design approach that aims to keep applications and services operational and accessible with minimal downtime, even when some components fail.
High Availability in Enterprise Networks
High Availability in Enterprise Networks is the design principle that ensures network services remain accessible and operational with minimal downtime, even when individual components fail.
High CPU usage
A network device condition where processor utilisation reaches levels that degrade performance or cause service interruptions.
High Definition
High Definition (HD) refers to a display resolution or video quality that is significantly higher than standard definition, typically starting at 1280x720 pixels (720p).
High disk usage
High disk usage is a condition where a computer's storage drive is working near or at its maximum capacity, causing slow performance, lag, or unresponsiveness.
High-definition Media Interface
A standard cable and connector used to send high-quality video and audio from one device to another, like from a laptop to a monitor or TV.
HIPAA
HIPAA is a U.S. law that sets national standards for protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.
HMAC
HMAC (Hash-based Message Authentication Code) is a mechanism that uses a cryptographic hash function together with a secret key to verify both the integrity and authenticity of a message.
Horizontal Pod Autoscaling
Horizontal Pod Autoscaling automatically adjusts the number of pod replicas in a Kubernetes cluster based on observed CPU, memory, or custom metrics.
Host firewall
A host firewall is a software-based security tool that runs directly on an individual device, such as a laptop, server, or desktop, to monitor and control incoming and outgoing network traffic based on a set of security rules.
Hosted zone
A hosted zone is a container for DNS records that holds the information needed to route internet traffic for a domain name.
Hostname
A hostname is a unique label assigned to a device on a network so other devices can find and communicate with it.
hostnamectl
A command-line tool in Linux that allows users to view and change the system hostname and related network identification settings without editing configuration files manually.
Hot Standby Router Protocol
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that provides first-hop redundancy by allowing a backup router to automatically take over if the primary router fails.
Hot tier
Hot tier is a storage category used for data that is accessed frequently and needs fast retrieval, typically stored on high-performance hardware like SSDs.
Hot-swappable drive
A drive that can be removed and replaced without powering down the computer or system it is connected to.
HSM
An HSM (Hardware Security Module) is a dedicated hardware device that securely generates, stores, and manages cryptographic keys used to protect sensitive data.
HSRP
HSRP stands for Hot Standby Router Protocol, a Cisco proprietary protocol that allows multiple routers to work together as a single virtual router to provide default gateway redundancy.
HSRP vs VRRP vs GLBP
HSRP, VRRP, and GLBP are network protocols that provide high availability by allowing multiple routers to work together as a single virtual router, ensuring that if one router fails, another automatically takes over without disrupting the network.
HTTP
HTTP stands for Hypertext Transfer Protocol, the set of rules web browsers and servers use to communicate and transfer web pages over the internet.
HTTP API
An HTTP API is a set of rules and tools that allows computer programs to communicate with each other over the internet using the Hypertext Transfer Protocol.
HTTP(S) Load Balancer
A network device or software that distributes incoming web traffic across multiple servers using HTTP or HTTPS protocols to ensure high availability, reliability, and performance.
HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP that encrypts data between a web browser and a web server using SSL/TLS protocols.
Hub
A hub is a basic networking device that connects multiple computers or devices together so they can communicate, but it sends all data to every connected port without filtering.
Hub site
A top-level SharePoint site that organizes and unifies related sites under a common navigation, branding, and search structure within an organization.
Hunting query
A hunting query is a proactive, iterative Kusto Query Language (KQL) query used in Microsoft 365 Defender and Azure Sentinel to search for hidden threats, anomalies, and indicators of compromise across security data.
Hybrid Azure AD join
Hybrid Azure AD join is a Microsoft identity configuration that registers on-premises domain-joined devices with Azure Active Directory (Azure AD) to enable single sign-on and access to both on-premises and cloud resources.
Hybrid cloud
A hybrid cloud is a computing environment that combines a private cloud (on-premises infrastructure) with one or more public cloud services, allowing data and applications to be shared between them.
Hybrid identity
Hybrid identity is an approach that synchronizes and manages user identities across both on-premises directories and cloud-based services, allowing seamless access to resources in both environments.
Hybrid Identity Design
Hybrid Identity Design is the process of creating a system that lets users access resources both on their company's local network and in the cloud using a single set of credentials.
Hybrid Project Management
Hybrid Project Management is a flexible approach that combines elements of traditional waterfall project management with agile methodologies to adapt to project and organizational needs.
Hybrid Security Architecture
A hybrid security architecture is a security framework that protects an organization's IT resources across both on-premises data centers and cloud environments using a unified set of policies and controls.
Hypertext Transfer Protocol
Hypertext Transfer Protocol (HTTP) is the foundational communication protocol used to transfer web pages and other data between a web browser and a web server over the internet.
Hypertext Transfer Protocol Secure
Hypertext Transfer Protocol Secure, or HTTPS, is the secure version of HTTP that encrypts data between a web browser and a website using SSL/TLS to protect sensitive information like passwords and credit card numbers.
Hypervisor
A hypervisor is software that creates and runs virtual machines by allowing multiple operating systems to share a single hardware host.
Hypothesis-driven hunting
Hypothesis-driven hunting is a proactive security approach where analysts form educated guesses about potential threats and then actively search for evidence to confirm or refute those guesses.
IaaS
IaaS stands for Infrastructure as a Service, which means renting virtual computing resources like servers, storage, and networking from a cloud provider instead of buying and managing physical hardware yourself.
IaC
Infrastructure as Code (IaC) manages and provisions IT infrastructure through machine-readable definition files, rather than manual hardware configuration.
IAM
Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources.
IAM binding
An IAM binding is a collection of members (users, groups, or service accounts) assigned to a single role within a Google Cloud resource policy, defining who has what permissions.
IAM group
An IAM group is a collection of IAM users in a cloud or identity system that simplifies permission management by allowing you to assign policies to multiple users at once.
IAM misconfiguration
An IAM misconfiguration occurs when identity and access management settings are incorrectly set, granting too many or too few permissions to users or services, which can lead to security breaches or operational failures.
IAM policy
An IAM policy is a set of rules that determines who can access specific cloud resources and what actions they are allowed to perform.
IAM role
An IAM role is a set of permissions that an entity can assume temporarily to access cloud resources securely.
IAM user
An IAM user is an identity created in AWS Identity and Access Management that represents a person or service interacting with AWS resources, with its own credentials and permissions.
IAST
IAST (Interactive Application Security Testing) is a security testing method that analyzes an application from within while it is running, typically during automated testing or manual QA, to find vulnerabilities in real time.
iBGP
iBGP (Internal Border Gateway Protocol) exchanges routing information between routers within the same autonomous system.
IBGP vs EBGP
IBGP and EBGP are two types of BGP (Border Gateway Protocol) sessions used in network routing: EBGP exchanges routes between different autonomous systems, while IBGP exchanges routes within the same autonomous system.
iCloud
iCloud is Apple's cloud storage and cloud computing service that lets users store data like photos, documents, and backups on remote servers and sync them across their Apple devices.
ICMP
ICMP is a network-layer protocol used by network devices to send error messages and operational information about network connectivity.
ICMP
ICMP is a network protocol used by devices to send error messages and operational information about network communication problems.
ICS
An ICS is a system of networked devices used to monitor and control industrial processes, such as manufacturing or power generation.
Idempotency
Idempotency means that an operation can be performed multiple times without changing the result beyond the first application.
Identification
Identification is the process where a user or device claims an identity, often by providing a username, ID number, or account name, before proving that claim with authentication.
Identity
Identity is the unique set of attributes that defines a user, device, or service in a computer system, determining what they can access and do.
Identity and access management
Identity and access management (IAM) is the security discipline that ensures the right individuals access the right resources at the right times for the right reasons.
Identity as security perimeter
A security model where trust is determined by user identity and context rather than the network location, treating identity itself as the primary boundary for access control.
Identity Governance
Identity Governance is the policy-based framework that ensures the right people have the right access to the right resources at the right time, with oversight and control.
Identity proofing
Identity proofing is the process of verifying that a person is who they claim to be before granting access to systems or data.
Identity protection
Identity protection is the set of policies, technologies, and practices used to secure digital identities and prevent unauthorized access to systems and data.
Identity provider
An identity provider (IdP) is a system that creates, stores, and manages digital identities and authenticates users for other applications and services.
IDF
An IDF is a secondary telecommunications room in a building that connects floor or area network equipment back to the main equipment room.
IDOR
IDOR (Insecure Direct Object Reference) is a vulnerability where an application exposes internal object references, allowing attackers to access or modify data by manipulating those references.
IDS
An IDS is a security system that monitors network or system traffic for suspicious activity and alerts administrators to potential threats, but does not actively block them.
ifconfig
ifconfig is a command-line tool used to configure and display network interface parameters on Unix-like operating systems.
IGMP
IGMP manages multicast group membership between hosts and routers, enabling efficient one-to-many IP communication.
IGP
IGP (Interior Gateway Protocol) is a routing protocol used to exchange routing information within a single autonomous system, such as a corporate network.
IIoT
IIoT (Industrial Internet of Things) connects industrial machines and sensors to networks for data collection, analysis, and automation in manufacturing, energy, and utilities.
IIS
IIS is a Microsoft web server that hosts websites, web apps, and services using HTTP/HTTPS protocols on Windows servers.
IIS
IIS (Internet Information Services) is Microsoft's web server software for hosting websites, web applications, and services on Windows Server.
IKE
IKE (Internet Key Exchange) is a protocol used to set up a secure, authenticated communication channel between two parties by establishing and managing the Security Associations for IPsec.
Image
An image is a complete snapshot of a system's operating system, applications, and settings, used to deploy or restore computing environments quickly.
Image backup
An image backup is a complete, sector-by-sector copy of an entire storage device or partition, capturing the operating system, applications, settings, and all data exactly as they exist at the time of the backup.
Image classification
Image classification is the process of teaching a computer to look at a picture and decide what category or label best describes the main object or scene in that picture.
Image Scanning
Image scanning is the automated process of inspecting container images for known vulnerabilities, misconfigurations, and malware before they are deployed into production environments.
Image Signing and Verification
Image signing and verification is the process of digitally signing a container image to prove its origin and integrity, and then checking that signature before using the image to ensure it was not tampered with.
Imaging drum
A cylindrical component in laser printers that transfers toner onto paper using electrostatic charges.
IMAP
IMAP is an email retrieval protocol that keeps messages on the server, enabling access from multiple devices with synchronized state.
IMEI
A unique 15-digit code that identifies a mobile device on a cellular network, like a serial number for phones and tablets.
Impact
Impact is the measure of the potential damage or harm that a risk event could cause to an organization's assets, operations, or reputation.
Impact printer
An impact printer is a type of printer that creates text or images by physically striking a ribbon against paper, using a print head that makes contact with the page.
Impersonation
Impersonation is a security attack where an attacker pretends to be a legitimate person or system to gain unauthorized access, steal data, or commit fraud.
Implicit deny
Implicit deny is a security rule that automatically blocks any network traffic that is not explicitly allowed by an access control list or firewall rule.
Improve
In ITIL, 'Improve' is the service value chain activity responsible for continuously enhancing services, processes, and practices by using feedback, metrics, and lessons learned.
In-plane Switching
In-plane Switching (IPS) is a type of LCD screen technology that gives you wide viewing angles and accurate colors, making it ideal for professional work and exams that test display knowledge.
Inbound ACL
An inbound ACL is a set of rules applied to network traffic entering an interface that decides whether to allow or block that traffic based on criteria like source IP, destination port, or protocol.
Incident
An incident is a security event that violates an organization's policies or threatens its data, systems, or operations, requiring a structured response.
Incident classification
Incident classification is the process of categorizing security incidents based on type, severity, and impact to ensure appropriate response and resource allocation.
Incident documentation
Incident documentation is the practice of recording every detail of a cybersecurity or IT incident, from detection to resolution, to ensure accurate analysis, legal compliance, and process improvement.
Incident management
Incident management is the process of identifying, logging, prioritizing, and resolving IT service disruptions to restore normal operations as quickly as possible with minimal business impact.
Incident response
Incident response is the structured approach an organization uses to identify, contain, and recover from cybersecurity incidents like data breaches or ransomware attacks.
Incident response lifecycle
The Incident response lifecycle is the structured process organizations follow to detect, contain, eradicate, and recover from cybersecurity incidents while learning from each event to improve future defenses.
Incident severity
Incident severity is a classification used in IT incident management to describe the level of impact and urgency of an event, guiding response priority.
Inclusiveness
Inclusiveness in IT means designing systems, software, and workflows so that they are accessible and usable by people with a wide range of abilities, backgrounds, and needs.
Incremental backup
An incremental backup is a backup method that only copies data that has changed since the last backup, whether that last backup was full or incremental.
Index
An index is a data structure that speeds up data retrieval operations on a database table or file, much like a book index helps you find topics quickly.
Indexer
An indexer is a software component that processes content and builds a searchable index so that users can quickly find documents, data, or files based on keywords or phrases.
Indicator of attack
An indicator of attack (IOA) is a sign that an attack is actively occurring or about to occur, focusing on attacker behavior and intent rather than just the artifacts left behind.
Indicator of compromise
An indicator of compromise is a piece of digital evidence—such as a suspicious file hash, IP address, or unusual network pattern—that suggests a system may have been breached by an attacker.
Industrial Control System
An Industrial Control System (ICS) is a network of computers and devices that monitors and controls industrial machinery, such as power plants, water treatment facilities, and assembly lines.
Industrial Internet of Things
The Industrial Internet of Things (IIoT) is a network of physical devices, machines, and sensors in industrial settings that collect and exchange data over the internet to improve efficiency and safety.
Information barriers
Information barriers are policies and technical controls that prevent the unauthorized flow of sensitive information between different parts of an organization to avoid conflicts of interest and ensure compliance.
Information protection
Information protection refers to the policies, procedures, and technologies used to safeguard data from unauthorized access, disclosure, alteration, or destruction.
Information security management
Information security management is the systematic process of developing, implementing, monitoring, and improving policies, procedures, and controls to protect an organization's information assets from threats and ensure confidentiality, integrity, and availability.
Information Technology eXtended
Information Technology eXtended (ITX) is a family of small-form-factor motherboard specifications developed by VIA Technologies for compact and low-power computer systems.
Infrared
Infrared (IR) is a type of wireless communication that uses light waves just below visible red light to send data or control devices over short distances.
Infrastructure as a Service
Infrastructure as a Service (IaaS) is a cloud computing model that provides on-demand virtualized computing resources over the internet, such as virtual machines, storage, and networking, instead of owning and maintaining physical hardware.
Infrastructure as code
Infrastructure as code (IaC) is the practice of managing and provisioning IT infrastructure through machine-readable definition files, rather than through physical hardware configuration or interactive configuration tools.
Infrastructure as code scanning
Infrastructure as code scanning is the automated process of checking infrastructure configuration files for security misconfigurations, compliance violations, and potential vulnerabilities before deployment.
Ingress
Ingress is a Kubernetes API object that manages external access to services within a cluster, typically via HTTP or HTTPS routing rules.
Ingress Controller
An Ingress Controller is a specialized component that manages external access to services in a Kubernetes cluster by processing Ingress resources and routing traffic according to defined rules.
Ingress Resources
Ingress Resources are Kubernetes API objects that manage external access to services inside a cluster, typically HTTP and HTTPS traffic, by defining rules for routing requests based on hostnames and paths.
Inherent risk
Inherent risk is the level of risk that exists in a process or system before any security controls or mitigations are applied.
Init Containers
Init Containers are specialized containers that run and complete before the main containers in a Kubernetes Pod start, used for setup tasks like initializing data or waiting for dependencies.
Init system
An init system is the first process started by the Linux kernel during boot that manages all other processes, services, and system initialization until shutdown.
Initiative
An initiative is a formal, structured effort or project undertaken by an organization to achieve a specific strategic goal, often involving changes to IT systems, policies, or processes.
Ink cartridge
An ink cartridge is a replaceable component of an inkjet printer that holds liquid ink and delivers it onto paper during printing.
Inkjet printer
An inkjet printer is a computer peripheral that creates printed documents or images by spraying tiny droplets of liquid ink onto paper.
inode
An inode is a data structure in a Unix-like file system that stores metadata about a file, such as its size, permissions, and location on disk, but not its name.
Input device
An input device is any hardware component that allows a user to send data, commands, or signals to a computer system.
Insecure deserialization
An application security vulnerability that occurs when untrusted user data is deserialized without proper validation, potentially allowing an attacker to manipulate the application or execute malicious code.
Inside global
An inside global is the public, routable IP address that represents an internal private host when it communicates with devices on the internet.
Inside local
Inside local is the IP address assigned to a device on an internal private network before any Network Address Translation (NAT) is applied.
Insider Risk Management
Insider Risk Management is the practice of identifying, assessing, and mitigating threats that originate from within an organization, such as employees, contractors, or partners who have legitimate access to systems and data.
insmod
insmod is a Linux command used to insert a kernel module into the running Linux kernel without resolving dependencies.
Inspector
An inspector is a tool or role that checks systems, configurations, or data against a set of rules to ensure they are secure and compliant.
Instance group
An instance group is a collection of virtual machine instances that are managed as a single unit for scaling, load balancing, and lifecycle management in cloud computing.
Instance store
Instance store is temporary, block-level storage physically attached to a cloud virtual machine that provides high performance but loses all data when the instance is stopped or terminated.
Instance template
An instance template is a reusable configuration blueprint that defines the virtual machine settings, such as machine type, boot disk image, and network, for creating identical VM instances in Google Cloud Platform.
Instance type
An instance type is a specific configuration of virtual hardware resources, like CPU, memory, and storage, offered by AWS for running a virtual server in the cloud.
Integrity
Integrity is the assurance that data has not been altered or tampered with in an unauthorized way, preserving its accuracy and consistency from source to destination.
Intent-based networking
Intent-based networking is an approach to network management where you tell the network what you want it to do (the intent), and the network automatically configures itself to achieve that goal.
Inter-VLAN routing
Inter-VLAN routing is the process of forwarding network traffic between different VLANs to enable communication across logically separated broadcast domains.
Interface
An interface is a point of connection or interaction between two systems, devices, or software components that allows them to exchange information or signals.
Interface endpoint
An interface endpoint is a private IP address inside a Virtual Private Cloud that provides direct, secure access to supported AWS services without traversing the public internet.
Intermediate Distribution Frame
An Intermediate Distribution Frame (IDF) is a physical wiring closet or rack that connects and manages the cabling between a building's main telecommunications room and the end-user devices on a specific floor or area.
Intermediate System to Intermediate System
A routing protocol used within large enterprise networks to exchange routing information between routers, helping data find the best path across the network.
Internal Border Gateway Protocol
Internal Border Gateway Protocol (IBGP) is a version of BGP used to exchange routing information between routers within a single autonomous system (AS).
Internal Gateway Protocol
An Internal Gateway Protocol is a routing protocol used to exchange routing information within a single autonomous system, such as a corporate network or an internet service provider's internal network.
International Organization for Standardization
The International Organization for Standardization, or ISO, is an independent global body that creates and publishes voluntary standards to ensure quality, safety, and efficiency in products, services, and systems across many industries, including IT.
Internet
The Internet is a global network of interconnected computers that communicate using standardized protocols to share information and services.
Internet gateway
An Internet gateway is a cloud networking component that provides a connection between a virtual private cloud (VPC) and the public Internet, enabling resources in the VPC to send and receive traffic to and from the Internet.
Internet Group Management Protocol
IGMP is a communication protocol used by devices on a network to report their membership in multicast groups to nearby routers, enabling efficient group data delivery.
Internet Key Exchange
Internet Key Exchange (IKE) is a protocol used to set up a secure, encrypted connection between two devices by automatically negotiating and exchanging encryption keys over an untrusted network like the internet.
Internet Mail Access Protocol
Internet Mail Access Protocol (IMAP) is a standard email protocol that lets you read and manage emails stored on a mail server from multiple devices, keeping everything synchronized.
Internet of Things
The Internet of Things (IoT) is a network of physical devices, vehicles, appliances, and other objects embedded with sensors and software that connect to the internet to collect and exchange data.
Internet Protocol
Internet Protocol (IP) is the set of rules that governs how data is addressed, routed, and sent from one device to another across networks, including the internet.
Internet Protocol Address Management
Internet Protocol Address Management (IPAM) is the practice of planning, tracking, and managing the assignment and use of IP addresses on a network to ensure devices can communicate without conflict.
Internet Protocol Security
Internet Protocol Security (IPsec) is a suite of protocols that encrypts and authenticates data packets sent over IP networks to ensure private and secure communication.
Internet Service Provider
A company that provides individuals and organizations access to the internet, typically for a fee.
Intranet
An intranet is a private, internal network used by an organization to share information, resources, and tools securely among employees.
Intrusion Detection System
An Intrusion Detection System (IDS) is a security tool that monitors network traffic or system activities for malicious actions or policy violations and sends alerts to administrators.
Intrusion Prevention System
An Intrusion Prevention System (IPS) is a network security tool that monitors network traffic and actively blocks threats like malware and cyberattacks in real time.
Intune
Microsoft Intune is a cloud-based service that helps organizations manage their users' devices and applications, ensuring security and compliance without needing to own or control the physical hardware.
Inventory
Inventory is the complete list of hardware, software, and network assets that an organization owns or manages, tracked for maintenance, security, and budgeting purposes.
Inventory management
Inventory management is the process of tracking, organizing, and maintaining records of all hardware, software, licenses, and digital assets an organization owns, ensuring availability and compliance.
Inverter
An inverter is a circuit in a mobile device's display assembly that converts DC power into AC power to light the backlight, typically in older LCD screens.
IOA
IOA (Indicator of Attack) is a security concept that focuses on detecting the intent and sequence of actions leading up to a cyber attack, rather than just the artifacts left behind after a breach.
IOC
IOC stands for Indicator of Compromise, which is forensic evidence that a system has been breached or infected by malware.
IOPS
IOPS measures how many input/output operations a storage device can perform per second, indicating its speed and responsiveness.
iOS
iOS is Apple's mobile operating system that powers iPhones and iPads, providing a secure and user-friendly platform for apps and services.
IoT
IoT (Internet of Things) is a network of physical devices embedded with sensors and software to connect and exchange data over the internet.
IoT Hub
IoT Hub is a managed cloud service in Azure that acts as a central message hub for secure, bidirectional communication between IoT devices and the cloud.
ip
IP (Internet Protocol) is the set of rules that govern how data packets are sent and received between devices across networks, using unique addresses to identify each device.
IP address
An IP address is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
IP conflict
An IP conflict occurs when two devices on the same network attempt to use the same IP address, causing communication disruptions.
IP helper address
A Cisco IOS command that forwards broadcast traffic from one subnet to a specific server on another subnet, allowing devices to obtain IP configuration or other services without needing a router or server on their local network.
IP SLA
IP SLA (Service-Level Agreement) is a Cisco feature that actively monitors network performance by generating and measuring synthetic traffic between devices.
IP SLA for Path Control
IP SLA for Path Control is a Cisco technology that uses active network measurements to dynamically influence routing decisions and redirect traffic along a preferred path when network conditions change.
IP Source Guard
IP Source Guard is a network security feature that blocks IP address spoofing by verifying that each packet's source IP address matches an authorized binding assigned to that switch port.
IPAM
IPAM (IP Address Management) automates the planning, tracking, and management of IP address space on a network.
IPP
IPP (Internet Printing Protocol) is a network protocol that allows computers to send print jobs to printers over a network or the internet.
IPS
An Intrusion Prevention System (IPS) is a network security device that monitors traffic in real time and automatically blocks threats before they reach your systems.
IPsec
IPsec is a suite of protocols used to secure Internet Protocol (IP) communications by encrypting and authenticating each IP packet in a data stream.
IPsec DMVPN
IPsec DMVPN is a Cisco technology that combines Dynamic Multipoint VPN with IPsec encryption to securely connect multiple branch offices to a central hub over the internet without needing permanent tunnels.
IPsec Tunnel
An IPsec tunnel is a secure, encrypted connection between two network devices that protects data as it travels across the internet or another untrusted network.
iptables
iptables is a command-line firewall utility in Linux that uses rules to allow or block network traffic based on packet attributes like source IP, destination port, or protocol.
IPv4
IPv4 is the fourth version of the Internet Protocol, a set of rules that assigns unique numerical addresses to devices so they can communicate over networks like the internet.
IPv4 address
An IPv4 address is a unique 32-bit numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
IPv4 Subnetting
IPv4 subnetting is the process of dividing a single IP network into smaller, more manageable segments to improve performance, security, and address efficiency.
IPv6
IPv6 is the most recent version of the Internet Protocol, designed to replace IPv4 by providing a vastly larger number of unique addresses and improved network features.
IPv6 address
An IPv6 address is a 128-bit numeric label used to identify a device on an Internet Protocol network, designed to replace IPv4 due to the exhaustion of available addresses.
IPv6 global unicast
An IPv6 global unicast address is a public, globally unique IP address assigned to a single network interface, allowing direct communication over the Internet.
IPv6 link-local
An IPv6 link-local address is a self-assigned, non-routable address used for communication between devices on the same network segment without needing a central server.
IPv6 Next Hop Resolution
IPv6 Next Hop Resolution is the process a router uses to determine the next router or destination device to which a packet should be forwarded, based on the destination IPv6 address and the routing table.
IPv6 Routing EIGRPv6
EIGRPv6 is the version of the Enhanced Interior Gateway Routing Protocol that routes IPv6 traffic, enabling routers to exchange IPv6 network information dynamically.
IPv6 Routing OSPFv3
OSPFv3 is a routing protocol that lets routers share information about how to reach destinations in an IPv6 network, updating routes automatically as the network changes.
IS-IS
IS-IS is a link-state routing protocol used in large IP and OSI networks, known for its fast convergence and hierarchical design.
ISO 27001
ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
Isolation
Isolation is the process of separating a compromised or suspicious system from a network to prevent the spread of malware or unauthorized access.
ISP
An ISP is a company that provides individuals and organizations access to the Internet, along with related services like email and web hosting.
IT asset management
IT asset management (ITAM) is the process of tracking, managing, and optimizing all technology equipment, software, and services an organization owns or leases.
IT service management
IT service management (ITSM) is a set of practices for designing, delivering, managing, and improving the way IT services are provided to users and customers.
ITSM
ITSM (Information Technology Service Management) is a set of practices for designing, delivering, managing, and improving IT services to meet business needs.
Jitter
Jitter is the unwanted variation in the delay of data packet delivery over a network, causing inconsistent communication timing.
Job rotation
Job rotation is a security governance practice where employees periodically switch roles or responsibilities to reduce risk, prevent fraud, and ensure organizational resilience.
Jobs and CronJobs
A Kubernetes Job is a controller that runs one or more Pods to completion for a finite task, while a CronJob schedules Jobs to run at specific times or intervals.
John the Ripper
John the Ripper is a free and open-source password cracking tool used by security professionals to test password strength and by attackers to guess credentials.
journalctl
Journalctl is a command-line tool used to view and query logs collected by the systemd journal, which stores system and application messages on Linux systems.
journald
journald is the systemd logging service that collects, stores, and manages system logs on modern Linux distributions, providing structured log data and binary log files.
JSON
JSON is a lightweight, text-based format for storing and exchanging data that is easy for humans to read and write and easy for machines to parse and generate.
JSON and XML in Networking
JSON and XML are two common data formats used in network automation and programmability to exchange structured information between network devices and management systems.
Jump server
A jump server is a secured, intermediary server that administrators use to access and manage other systems within a protected network zone.
Just-enough access
Just-enough access is an identity and access management principle that grants users only the minimum permissions required to perform their specific job tasks, reducing security risks.
Just-in-time access
Just-in-time access is a security method that grants users elevated permissions only for a limited time exactly when they need them, then automatically removes those permissions.
JWT
A JSON Web Token (JWT) is a compact, self-contained token used to securely transmit information between parties as a JSON object.
Kanban Method
The Kanban Method is a visual workflow management system that helps teams limit work in progress and improve continuous delivery by pulling tasks through a process only when capacity allows.
Keep it simple and practical
A principle in ITIL that encourages focusing on straightforward, workable solutions instead of unnecessarily complex processes or designs.
Kerberoasting
Kerberoasting is an attack where a hacker steals service account password hashes from Active Directory to crack them offline and gain unauthorized access.
Kerberos
Kerberos is a network authentication protocol that uses tickets and symmetric-key cryptography to verify the identity of users and services in a secure, non-repudiable way.
Kernel
The kernel is the core program of an operating system that manages hardware resources and provides essential services for all other software to run.
Kernel module
A kernel module is a piece of code that can be loaded into or removed from the Linux kernel at runtime to add or remove support for hardware, filesystems, or system calls without rebooting.
Kernel panic
A kernel panic is a critical system error that occurs when the operating system's core (the kernel) encounters an unrecoverable fault, causing the system to stop all operations and often display an error message or a screen of death.
Key escrow
Key escrow is a system where cryptographic keys are stored securely with a third party so that authorized parties can access encrypted data when the original key holder is unavailable or when lawful access is required.
Key management
Key management is the process of creating, storing, distributing, using, rotating, and destroying cryptographic keys securely throughout their entire lifecycle.
Key pair
A key pair is a set of two cryptographic keys—a public key and a private key—used together to encrypt and decrypt data or to create and verify digital signatures.
Key phrase extraction
Key phrase extraction is an Azure AI service feature that automatically identifies and extracts the most important words and phrases from a piece of text.
Key rotation
Key rotation is the process of replacing an old cryptographic key with a new one to maintain security and limit the damage from a potential key compromise.
Key stretching
Key stretching is a technique that makes a weak password or key stronger by processing it through a slow, resource-intensive function to deter brute-force attacks.
Key Vault Secrets
Key Vault Secrets are secure containers in Microsoft Azure that store sensitive information like passwords, connection strings, and API keys, keeping them encrypted and accessible only to authorized applications and users.
Keyboard-Video-Mouse
A Keyboard-Video-Mouse (KVM) is a hardware device that allows you to control multiple computers using a single keyboard, monitor, and mouse.
Keylogger
A keylogger is a type of surveillance software or hardware that records every keystroke you type on your keyboard, often used without your knowledge to steal passwords and other sensitive information.
Kill chain
A kill chain is a step-by-step model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.
Kinesis
Kinesis is a managed service for real-time data streaming, processing, and analysis at scale.
Kinesis Data Streams
Kinesis Data Streams is a managed service that collects and processes large streams of data records in real time, allowing applications to analyze and react to incoming information as it arrives.
KMS
KMS (Key Management Service) is a Microsoft technology that automates volume licensing activation for Windows and Office products within an organization's network.
KMS encryption
KMS encryption is a managed service that creates, stores, and controls cryptographic keys used to encrypt data in the cloud.
Knowledge base
A knowledge base is a centralized digital repository of information, procedures, and solutions that IT professionals use to troubleshoot issues and learn best practices.
Knowledge management
Knowledge management is the systematic process of capturing, organizing, storing, and sharing an organization's collective expertise to improve efficiency, decision-making, and innovation.
Knowledge store
A Knowledge store is a structured, queryable repository that securely stores the output of AI-powered knowledge mining pipelines, enabling users to search, analyze, and retrieve insights from unstructured data sources such as documents, images, and web pages.
known_hosts
A file used by SSH to store the public keys of remote servers, allowing the client to verify the server's identity and prevent man-in-the-middle attacks.
KQL
Kusto Query Language is a powerful read-only query language used to explore, analyze, and visualize large datasets, most notably in Azure Data Explorer and Microsoft Sentinel.
kubeadm Cluster Setup
kubeadm is a command-line tool that helps you create and manage a Kubernetes cluster by automating the setup of control plane and worker nodes.
kubectl Command Reference
kubectl is the command-line tool used to interact with and manage Kubernetes clusters by sending commands to the Kubernetes API.
kubectl Debug
kubectl debug is a Kubernetes command that creates a temporary container in a pod to help troubleshoot and diagnose issues without affecting the running application.
kubelet Security
Kubelet security refers to the practices and configurations that protect the kubelet, the primary node agent in Kubernetes, from unauthorized access and malicious actions.
Kubernetes API Primitives
Kubernetes API Primitives are the basic building blocks that the Kubernetes API uses to represent and manage the state of a cluster, such as Pods, Services, Deployments, and Namespaces.
Kubernetes Architecture
Kubernetes architecture is the structural design of a system that automatically deploys, scales, and manages containerized applications across a cluster of machines.
Kubernetes cluster
A set of machines, called nodes, that work together to run and manage containerized applications using Kubernetes orchestration software.
Kubernetes Node Roles
Kubernetes Node Roles are labels assigned to machines in a cluster that define whether a node runs application containers (worker) or manages the cluster (control plane).
Kubernetes RBAC
Kubernetes RBAC is a security mechanism that controls who can access and perform actions on resources in a Kubernetes cluster based on their role.
Kubernetes security
Kubernetes security is the practice of protecting containerized applications, the Kubernetes cluster itself, and the underlying infrastructure from unauthorized access, data breaches, and system vulnerabilities.
Kubernetes Services
A Kubernetes Service is a stable network endpoint that connects a set of pods to internal or external traffic, providing consistent access even as pods change.
Kusto Query Language
Kusto Query Language (KQL) is a read-only, high-performance query language used to analyze large datasets, especially for log monitoring, security investigations, and operational analytics in Microsoft Azure.
KVM switch
A KVM switch is a hardware device that allows you to control multiple computers from a single keyboard, monitor, and mouse.
Kyverno Policy Engine
Kyverno Policy Engine is a Kubernetes-native tool that enforces rules on resources to ensure security, compliance, and best practices across your cluster.
L2 Security Features
L2 Security Features are network security mechanisms that operate at Layer 2 of the OSI model to protect local network traffic from threats like MAC spoofing, ARP attacks, and unauthorized access.
Label
A label is a piece of metadata attached to data, objects, or resources to identify, classify, or describe them for easier management and retrieval.
Labels
Labels are descriptive text or tags attached to IT resources to organize, identify, and manage them based on attributes like purpose, environment, or owner.
LACP
LACP is a protocol that automatically combines multiple physical network links into a single logical link to increase bandwidth and provide redundancy.
Lambda
AWS Lambda is a serverless compute service that lets you run code in response to events without provisioning or managing servers.
Lambda environment variable
Key-value pairs that AWS Lambda makes available to your function code at runtime, used to pass configuration settings like database URLs or feature flags without hardcoding them.
Lambda function
A Lambda function is a piece of code that runs in the cloud without you having to manage any servers, and it only runs when you tell it to, saving you money and effort.
Lambda handler
A Lambda handler is the specific function in your code that AWS Lambda invokes to start processing an event, acting as the main entry point for your serverless application.
Lambda layer
A Lambda layer is a ZIP archive that contains libraries, custom runtimes, or other dependencies that you can use with your AWS Lambda functions.
Lambda memory
Lambda memory is the amount of RAM allocated to an AWS Lambda function, which also determines its CPU power and network throughput.
Lambda timeout
Lambda timeout is the maximum amount of time a serverless function is allowed to run before it is forcibly terminated by the cloud provider.
LAN
Local Area Network — a network confined to a single physical location such as an office, building, or campus.
Language detection
Language detection is an Azure AI service that automatically identifies the language of a piece of text without manual input.
LAPS
LAPS (Local Administrator Password Solution) is a Windows feature that automatically manages and rotates local administrator account passwords on domain-joined computers to prevent credential reuse and lateral movement in attacks.
Laptop
A portable personal computer that integrates a display, keyboard, touchpad, battery, and internal components into a single clamshell device for mobile computing.
Laptop battery
A rechargeable power source that provides electrical energy to a laptop computer when it is not connected to an AC power outlet.
Laser printer
A laser printer is a high-speed, high-volume output device that uses a laser beam and toner to produce precise text and graphics on paper.
Last usable address
The last assignable IP address in a subnet, which is one less than the broadcast address.
Latency
Latency is the time delay between a request being sent over a network and the response being received, often measured in milliseconds.
Latency routing
Latency routing is a DNS-based traffic management method that directs user requests to the server location which can provide the lowest network latency for that specific user.
Lateral movement
Lateral movement is the technique attackers use to move through a network from one compromised system to another, seeking sensitive data or higher privileges.
Launch configuration
A launch configuration is a template that specifies the settings for creating a group of identical virtual servers, such as instance type, AMI, security groups, and storage, used in auto-scaling setups.
Launch template
A launch template is a configuration blueprint that defines the settings for creating cloud computing instances, such as virtual machines, including the machine image, instance type, and network settings.
Layer 2 switch
A Layer 2 switch is a network device that forwards data frames based on the MAC addresses found in the frame headers, operating within a single local area network segment.
Layer 3 switch
A network device that combines the high-speed switching of a Layer 2 switch with the routing capabilities of a router, allowing it to forward traffic based on both MAC and IP addresses.
LC connector
A small, push-pull fiber optic connector with a 1.25 mm ferrule, commonly used for high-density data center and telecommunications connections.
LCD display
An LCD display is a flat-panel screen that uses liquid crystals sandwiched between polarized glass layers to create images when electric current passes through them.
LDAP
LDAP is a protocol used to access and manage directory information over a network, such as user accounts and permissions.
LDAP Enumeration
LDAP Enumeration is the process of querying a Lightweight Directory Access Protocol server to gather information about users, groups, computers, and other network resources in an organization.
LDAPS
LDAPS is a secure version of LDAP that encrypts all directory service communications using SSL or TLS.
LDAPS
LDAPS encrypts LDAP traffic using SSL/TLS to secure directory queries and authentication over a network.
LDP Protocol
LDP, or Label Distribution Protocol, is a protocol that routers use to automatically exchange labels that enable MPLS (Multiprotocol Label Switching) to create fast, efficient paths for data packets across a network.
Leadership Styles
Leadership styles are the different approaches a project manager uses to guide, motivate, and direct a team toward achieving project goals.
Learning state
In Spanning Tree Protocol (STP), the learning state is a temporary port state where the switch builds its MAC address table from incoming frames but does not yet forward user data, ensuring no loops are formed.
Leased line
A dedicated, uncontended telecommunications circuit rented from a service provider that provides a fixed, symmetrical bandwidth connection between two locations.
Least privilege
Least privilege is a security principle that means giving users, systems, or programs only the minimum permissions they need to do their job and nothing more.
LED display
An LED display is a flat-panel screen that uses an array of light-emitting diodes as pixels for image generation, commonly used in mobile devices, monitors, and televisions.
Legal compliance
Legal compliance is the process of ensuring that an organization's IT systems, data handling, and business practices follow all applicable laws, regulations, and industry standards.
Legal requirement
A legal requirement is a mandatory rule or standard set by law or regulation that an organization must follow, often concerning data protection, privacy, or security practices.
Lessons learned
Lessons learned is the process of capturing, analyzing, and documenting knowledge gained from past incidents or projects to improve future security operations and prevent recurrence of problems.
Liability
Liability in IT refers to the legal and financial responsibility an organization or individual bears for data breaches, security failures, or compliance violations arising from inadequate planning and scoping of systems and processes.
Library
In Azure DevOps, a Library is a central repository for managing reusable content like variable groups and secure files that can be shared across multiple pipelines.
License assignment
License assignment is the process of linking a purchased software license to a specific user or device so that they are authorized to use the software.
Licensing
Licensing in IT refers to the legal agreements and permissions that govern how software, hardware, or digital content can be used, distributed, and managed.
Lifecycle management
Lifecycle management is the process of overseeing data from its creation or capture through its use, maintenance, and eventual deletion or archiving.
Lifecycle rule
A lifecycle rule is a set of automated policies that move or delete data based on its age or other conditions, helping manage storage costs and compliance.
Light-emitting Diode
A light-emitting diode (LED) is a semiconductor device that emits light when an electric current passes through it, commonly used as an indicator or illumination source in electronic devices.
Lightweight Directory Access Protocol
Lightweight Directory Access Protocol (LDAP) is a standard protocol used to access and manage directory information over a network, such as user credentials and permissions.
Likelihood
Likelihood is the estimated probability that a specific threat will exploit a vulnerability, causing harm to an IT asset or system.
Line-of-business app
A line-of-business app is a software application that is essential for running a specific core business process, such as accounting, inventory management, or customer relationship management.
Link aggregation
Link aggregation combines multiple physical network connections into a single logical link to increase bandwidth and provide redundancy.
Link Aggregation Control Protocol
Link Aggregation Control Protocol (LACP) is a standard protocol that automatically bundles multiple physical network links into a single logical link to increase bandwidth and provide redundancy.
Link Layer Discovery Protocol
Link Layer Discovery Protocol (LLDP) is a vendor-neutral protocol used by network devices to advertise their identity, capabilities, and neighbors over a local area network.
Link-local address
A link-local address is a network address that is automatically assigned to a device for communication only within a single network segment, without needing a router or external server.
Linked service
A linked service is a connection definition in Azure Data Factory or Azure Synapse that tells the service how to connect to an external data source or compute resource.
Linux
Linux is an open-source operating system that manages computer hardware and software, widely used in servers, desktops, and embedded systems.
Linux Commands
Linux commands are text-based instructions typed into a terminal to manage files, run programs, configure the system, and troubleshoot issues on a Linux operating system.
Liquid cooling
Liquid cooling is a method of removing heat from computer components by circulating a liquid coolant through a closed loop system instead of using air-based fans alone.
Liquid Crystal Display
A flat-panel display technology that uses liquid crystals manipulated by electric current to produce images, commonly used in monitors and laptop screens.
LISP Protocol
LISP (Locator/ID Separation Protocol) is a networking architecture that separates a device's identity from its location, making routing more scalable and flexible.
Listening state
A transitional state in the Spanning Tree Protocol where a port listens for Bridge Protocol Data Units (BPDUs) to learn the network topology but does not forward or learn MAC addresses.
Liveness Probes
A liveness probe is a Kubernetes health check that tells the system whether a container is running properly and should be kept alive or restarted.
Living off the land
Living off the land is an attack technique where cybercriminals use the legitimate tools and software already installed on a computer system to carry out malicious activities, making them harder to detect.
LLDP
LLDP (Link Layer Discovery Protocol) is a vendor-neutral protocol used by network devices to advertise their identity, capabilities, and neighbors on a local Ethernet network.
Load balancer
A load balancer is a device or software that distributes incoming network traffic across multiple servers so no single server gets overwhelmed.
Local administrator password solution
A method or tool used to manage, rotate, and secure the built-in administrator passwords on individual computers, laptops, and servers to prevent unauthorized access.
Local Area Network
A Local Area Network (LAN) connects computers and devices within a small physical area, such as a home, office, or school, allowing them to share resources like files, printers, and internet access.
Local Connector
A local connector is a cable or port used to link a device like a computer to a nearby peripheral or network within the same immediate area.
Local route
A local route is a routing table entry for a directly connected network interface IP address, created automatically when an IP address is assigned to that interface.
Local secondary index
A local secondary index is a data structure in a database that allows you to query items using an alternate sort key, while keeping the same primary key, within a single table partition.
Local Users and Groups
Local Users and Groups is a Windows tool that lets you create, manage, and organize user accounts and security groups directly on a single computer, controlling who can log on and what they can do.
Local Zone
A Local Zone is an extension of a cloud provider's region that places compute, storage, and networking resources closer to a specific geographic area to reduce latency for end users.
Locally redundant storage
Locally redundant storage (LRS) is a replication strategy that creates multiple synchronous copies of your data within a single data center in one region, protecting against local hardware failures.
Location services
Location services are features on mobile devices that use GPS, Wi-Fi, cellular networks, or other sensors to determine the device's geographic location for apps and system functions.
Log Analysis
Log analysis is the process of reviewing and interpreting system-generated records to understand what happened in an application or infrastructure.
Log Analytics
Log Analytics is a cloud-based service that collects, analyzes, and visualizes machine-generated log data from various sources to help IT teams monitor systems and troubleshoot issues.
Log Analytics workspace
A Log Analytics workspace is a unique environment in Azure Monitor where log data from various sources is collected, stored, and queried for analysis and reporting.
Log file
A log file is a computer file that records events, actions, or messages generated by software, operating systems, or hardware so that IT professionals can review what happened at a specific time.
Log management
Log management is the process of collecting, storing, analyzing, and disposing of log data generated by computer systems, networks, and applications to ensure security, compliance, and operational health.
Log retention
Log retention is the practice of storing log data for a defined period to meet security, compliance, and operational needs.
Log source
A log source is any system, device, or application that generates and records event data, such as timestamps and activities, for monitoring and security analysis.
Logic bomb
A logic bomb is a piece of malicious code that lies dormant inside a system until a specific condition or event triggers it to execute harmful actions.
Logical volume
A logical volume is a virtual storage unit created from one or more physical hard drives that can be resized, moved, or snapshotted without disrupting the system.
Long polling
Long polling is a technique where a client requests data from a server, and the server holds the request open until new data is available or a timeout occurs, then sends a response and the client immediately reconnects.
Long-term Evolution
Long-Term Evolution (LTE) is a high-speed wireless communication standard for mobile phones and data terminals, often called 4G LTE.
Longest prefix match
Longest prefix match is the algorithm routers use to select the most specific route from a routing table when forwarding a packet to its destination.
Looker
Looker is a business intelligence and data analytics platform from Google Cloud that lets you explore, visualize, and share insights from your data without needing deep technical skills.
Looker Studio
Looker Studio is a cloud-based data visualization and business intelligence platform that lets you create interactive dashboards and reports from various data sources.
Loop Guard
Loop Guard is a Spanning Tree Protocol (STP) enhancement that prevents network loops by placing a blocked port into a loop-inconsistent state if it stops receiving Bridge Protocol Data Units (BPDUs), rather than transitioning it to a forwarding state.
Loopback address
A loopback address is a special IP address that a device uses to send a message to itself, primarily for testing network software without requiring physical network hardware.
Loopback plug
A loopback plug is a small device used to test network ports by sending a signal out and immediately receiving it back, verifying that the port is working without needing another device.
Loops
A loop is a programming construct that repeats a block of code multiple times until a certain condition is met or until all items in a collection have been processed.
Loose coupling
Loose coupling is a design principle where components in a system depend on each other as little as possible, so changes to one part don't force changes in others.
Low-level formatting
Low-level formatting is the process of physically structuring a hard drive by creating tracks and sectors on the magnetic platters so the drive can store data.
LRS
An LRS (Learning Record Store) is a system that collects, stores, and retrieves learning data from various training activities, often used to track progress in IT certification study programs.
LSA
A Link State Advertisement (LSA) is a data packet used by the OSPF routing protocol to share information about network links and topology with neighboring routers.
LSA
A Link State Advertisement is a data packet used by OSPF routers to share information about their directly connected links and the state of those links with all other routers in the OSPF network.
LSDB
The Link State Database is a table maintained by OSPF routers that stores the complete network topology, including all links and routers, to calculate the best paths.
lsmod
lsmod is a Linux command that displays which kernel modules are currently loaded into the operating system, helping with system management and troubleshooting.
LTE
LTE (Long-Term Evolution) is a 4G wireless broadband standard that provides high-speed data for mobile devices and networks.
lvextend
lvextend is a Linux command used to increase the size of an existing Logical Volume in LVM (Logical Volume Manager) without disrupting the data or the system.
LVM
LVM (Logical Volume Manager) is a storage management system that allows you to create, resize, and manage disk partitions flexibly without needing to repartition the physical disk.
M.2
M.2 is a small, internal connector used in computers to attach compact expansion cards like solid-state drives and Wi-Fi modules directly to the motherboard.
MAB Authentication
MAB Authentication is a network access control method that grants or denies device access to a network by checking the device's MAC address against a list of approved addresses.
MAC
MAC (Media Access Control) is a unique hardware identifier assigned to network interfaces for communication on a local network segment.
MAC address
A MAC address is a unique hardware identifier assigned to a network interface card that allows devices to communicate on a local network.
MAC address table
A MAC address table is a data structure stored in a network switch that maps each of its ports to the MAC addresses of connected devices, enabling the switch to forward frames only to the correct destination.
MAC filtering
MAC filtering is a security practice that allows or denies network access to devices based on their unique Media Access Control (MAC) address.
Machine learning
Machine learning is a branch of artificial intelligence where computers learn patterns from data to make decisions or predictions without being explicitly programmed for every task.
Machine Learning in Assurance
Machine Learning in Assurance means using AI algorithms to automatically verify that network devices are configured correctly, secure, and operating as intended.
Machine type
A machine type defines the virtual hardware resources (vCPU, memory, and sometimes GPU) assigned to a virtual machine instance in a cloud computing environment.
Macie
Amazon Macie is a fully managed data security and privacy service that uses machine learning and pattern matching to discover, classify, and protect sensitive data stored in Amazon Web Services (AWS).
macOS
macOS is the operating system that powers Apple's Mac computers, providing a graphical interface, system management, and security features for users and IT professionals.
macOS Features
macOS features are the built-in tools, utilities, and functionalities in Apple's operating system that control how a Mac computer works, including security, file management, and user interface elements.
MACsec
MACsec (Media Access Control Security) is a security protocol that encrypts and authenticates data at the Ethernet frame level to protect traffic on local area networks.
Magic number subnetting
A quick subnetting method that uses the subnet mask's interesting octet to find the network size, often called the magic number (256 minus the mask octet).
Mail Exchange
A Mail Exchange record is a type of DNS record that specifies which mail server is responsible for receiving email messages on behalf of a domain.
Mail flow rule
A mail flow rule is a rule set by an email administrator that automatically handles incoming or outgoing messages based on conditions like sender, recipient, or content.
Mailbox
A mailbox is a storage location on a mail server where incoming and outgoing email messages are kept for a user or group.
Main Distribution Frame
A Main Distribution Frame is the central point in a building or campus where all external telecommunication cables are terminated and connected to internal network wiring.
Maintenance kit
A maintenance kit is a collection of replacement parts, usually including a fuser and transfer roller, used to restore a laser printer to like-new performance after a certain number of pages.
Maintenance window
A scheduled period during which IT systems can be taken offline for updates, patches, or repairs with minimal business disruption.
Maltego
Maltego is a graphical open-source intelligence tool used for information gathering and reconnaissance, enabling users to map and visualize relationships between entities like people, domains, and networks.
Malware
Malware is any software intentionally designed to cause damage, disrupt operations, steal data, or gain unauthorized access to computer systems.
Malware analysis
Malware analysis is the process of examining malicious software to understand its behavior, origin, and impact, enabling defenders to detect, contain, and prevent future attacks.
Malware Removal Process
The malware removal process is a systematic, step-by-step method IT professionals use to identify, isolate, remove, and prevent malicious software from infected computers or networks.
Malware symptoms
Malware symptoms are the observable signs on a computer or network that indicate a malicious program may have infected the system, such as slow performance, unexpected pop-ups, or unusual network activity.
MAM
Mobile Application Management (MAM) is a set of technologies and policies that allow IT administrators to manage and secure corporate applications on mobile devices without managing the entire device.
MAN
A Metropolitan Area Network (MAN) is a computer network that spans a geographic area larger than a local area network (LAN) but smaller than a wide area network (WAN), typically covering a city or a large campus.
Man-in-the-middle attack
A cyberattack where an attacker secretly intercepts and potentially alters communication between two parties who believe they are directly communicating with each other.
Manageability
Manageability is the ease with which IT administrators can monitor, configure, update, and troubleshoot cloud resources and systems, often through centralized tools and automation.
Managed Detection and Response
A cybersecurity service that continuously monitors an organization's network and systems to detect threats and respond to them quickly.
Managed disk
A managed disk is a cloud-based virtual hard drive that Azure automatically creates, manages, and scales for your virtual machines so you don't have to worry about storage infrastructure.
Managed identity
A managed identity is an automatically managed service principal in Azure that allows your code to authenticate to any service that supports Azure AD authentication without storing credentials.
Managed instance group
A managed instance group is a collection of identical virtual machine instances that are automatically managed as a single unit to ensure high availability and scalability.
Managed service
A managed service is an IT offering where a third-party provider takes full responsibility for maintaining, monitoring, and supporting a specific technology or system on behalf of a customer.
Management group
A Management group is a container in Microsoft Azure that helps you organize and manage access, policies, and compliance across multiple Azure subscriptions.
Management Group Design
A logical hierarchy of Azure management groups that organizes subscriptions and applies governance policies consistently across an organization.
Management Information Base
A Management Information Base (MIB) is a virtual database that stores information about network devices, organized as a hierarchical tree, which network management tools use to monitor and control those devices.
Management Plane Protection
A security feature that restricts which interfaces and IP addresses can be used to manage a network device, protecting the control plane from unauthorized administrative access.
Management VLAN
A Management VLAN is a dedicated virtual local area network used to secure and separate administrative access to network devices like switches and routers from regular user data traffic.
Mandatory vacation
Mandatory vacation is a security control that requires employees to take a consecutive period of leave so that any unauthorized activities or irregularities in their work can be detected by others.
Mapped drive
A mapped drive is a shortcut that assigns a drive letter to a shared folder on a network, making it appear as if it is a local storage device on your computer.
Mapping data flow
Mapping data flow is the process of visually or programmatically defining how data moves from source to destination, including transformations and processing steps, within Azure data services.
Mapping template
A mapping template is a reusable blueprint that defines how data fields from one system or format are transformed and transferred to another, ensuring consistency in data integration tasks.
Master service agreement
A master service agreement is a legal contract between a service provider and a client that sets the general terms and conditions for all future work and projects, so they don't have to be renegotiated each time.
Maximum tolerable downtime
Maximum tolerable downtime (MTD) is the total amount of time a business process or system can be unavailable before causing irreparable harm to the organization.
Maximum Transmission Unit
The Maximum Transmission Unit (MTU) is the largest size of a data packet that can be sent over a network connection without needing to be broken into smaller pieces.
MBR
MBR is a 512-byte boot sector that stores partition table and boot code, enabling a computer to load an operating system.
MDF
MDF (Main Distribution Frame) is the central point where external telecommunication lines enter a building and are connected to internal network wiring.
MDIX
MDIX (Medium Dependent Interface Crossover) is a twisted-pair Ethernet port that internally crosses the transmit and receive pairs for direct device connections.
MDM
MDM stands for Mobile Device Management, a technology that allows IT administrators to securely manage, monitor, and enforce policies on mobile devices like smartphones and tablets from a central console.
Mean Time To Repair
Mean Time To Repair (MTTR) is the average time it takes to fix a failed component or system and restore it to full operation.
Measured service
Measured service is a cloud computing feature where the provider automatically tracks and controls resource usage, and customers pay only for what they consume, like a utility bill.
Media Access Control
Media Access Control (MAC) is a sublayer of the Data Link Layer in networking that controls how devices on the same network share access to the physical medium and uniquely identifies each device with a hardware address.
Media converter
A media converter is a networking device that connects two different types of network cables, such as changing from copper Ethernet to fiber optic, allowing them to communicate on the same network.
Medium Dependent Interface Crossover
A Medium Dependent Interface Crossover (MDIX) is a special Ethernet cable that swaps the transmit and receive wire pairs so two similar devices can connect directly without a switch or hub.
Meeting policy
A meeting policy is a set of rules and configurations that control how online meetings are created, joined, and conducted within a collaboration platform.
Memcached
Memcached is a high-performance, distributed memory caching system that speeds up dynamic web applications by storing data in RAM to reduce database load.
Memorandum of Understanding
A Memorandum of Understanding (MOU) is a formal document that outlines the general terms and intentions of an agreement between two or more parties before a legally binding contract is signed.
Memory Acquisition
Memory acquisition is the process of capturing the contents of a computer's volatile memory to preserve data for forensic analysis and incident response.
Memory capture
Memory capture is the process of preserving the contents of a computer's volatile memory (RAM) for forensic analysis during incident response.
Memory leak
A memory leak happens when a program uses up system memory but never releases it, slowly eating away at available memory until the computer slows down or crashes.
Memorystore
A fully managed in-memory data store service that provides Redis and Memcached for caching, session storage, and real-time data processing.
Merge conflict
A merge conflict is a situation that occurs when version control software cannot automatically reconcile conflicting changes made to the same part of a file by different contributors.
Mesh topology
A network topology where every device is connected to every other device, providing high fault tolerance and redundancy through multiple data paths.
Message center
A centralized dashboard within a software platform that displays system notifications, alerts, and messages about account status, security events, and service updates.
Messaging policy
A messaging policy is a set of rules that govern how an organization's email and instant messaging systems handle, route, secure, and retain messages to ensure compliance, security, and operational efficiency.
Metadata
Metadata is data that describes other data, providing context such as when a file was created, who created it, or its size.
Metadata server
A metadata server is a network-accessible service that provides configuration data, credentials, and instance-specific information to virtual machines running in a cloud environment like Google Cloud Platform.
Metasploit
Metasploit is a powerful penetration testing framework that helps security professionals find and exploit vulnerabilities in computer systems.
Meterpreter
Meterpreter is an advanced, dynamically extensible payload that provides an interactive command shell and post-exploitation capabilities within a memory-resident environment during a penetration test.
Metric
A metric is a quantifiable measurement used to assess the performance, health, or status of IT systems, networks, or applications.
Metrics Server
The Metrics Server is a cluster-wide aggregator of resource usage data in Kubernetes, collecting CPU and memory metrics from nodes and pods for autoscaling and monitoring.
Metro Ethernet
Metro Ethernet is a service that extends Ethernet networking across a metropolitan area, allowing businesses to connect multiple locations as if they were on the same local network.
Metropolitan Area Network
A Metropolitan Area Network (MAN) is a network that connects multiple locations across a city or large campus, providing high-speed communication like a single large network.
MFA
Multi-Factor Authentication (MFA) is a security method that requires a user to verify their identity using two or more different types of evidence, such as a password plus a code from a phone, before they can access an account or system.
MIB
A virtual database used by SNMP to organize and store managed device parameters as a structured tree of object identifiers (OIDs).
Micro-ATX
A compact motherboard form factor that offers most of the features of a standard ATX board in a smaller size, making it popular for budget and space-constrained builds.
Microphone
A microphone is an input device that converts sound waves into electrical signals for recording, communication, or voice control in computing systems.
Microsegmentation
Microsegmentation is a network security technique that divides a data center or cloud environment into small, isolated segments to control traffic between workloads, reducing the attack surface.
Microservices
Microservices is an architectural style where a software application is built as a collection of small, independent services, each handling a specific business function and communicating over a network.
Microservices Architecture
Microservices architecture is a way of building software as a collection of small, independent services that each handle one specific business function and communicate over a network.
Microsoft 365
Microsoft 365 is a subscription-based cloud service from Microsoft that combines productivity tools like Office apps with security, device management, and online storage.
Microsoft 365 admin center
The Microsoft 365 admin center is a web-based portal where IT administrators manage users, subscriptions, security, and settings for an organization's Microsoft 365 services.
Microsoft 365 group
A Microsoft 365 group is a membership object that provides a single identity for a set of users to collaborate across multiple Microsoft 365 services like Outlook, Teams, and SharePoint.
Microsoft 365 Security Design
Microsoft 365 Security Design is the process of planning and configuring built-in security features in Microsoft 365 to protect data, identities, and devices from cyber threats.
Microsoft 365 tenant
A Microsoft 365 tenant is a dedicated, isolated instance of Microsoft 365 services created for an organization when they sign up for a subscription.
Microsoft Authentication Library
A Microsoft library that helps developers easily add authentication to their applications so users can sign in with their Microsoft accounts or Azure Active Directory.
Microsoft Defender
Microsoft Defender is a suite of security products that protects devices, data, and identities from cyber threats like malware, phishing, and unauthorized access.
Microsoft Defender for Cloud
Microsoft Defender for Cloud is a cloud-native application protection platform that provides unified security management and advanced threat protection across multicloud and hybrid environments.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is a cloud-delivered enterprise-grade security platform that protects devices, servers, and networks from advanced cyber threats by combining antivirus, endpoint detection and response, and automated investigation and remediation.
Microsoft Defender for Office 365
Microsoft Defender for Office 365 is a cloud-based email and collaboration security service that protects organizations against malicious threats like phishing, malware, and spam in email messages and Office 365 apps.
Microsoft Defender XDR
Microsoft Defender XDR is a unified security platform that automatically correlates alerts from across an organization's endpoints, email, identities, and cloud apps to stop complex attacks.
Microsoft Entra admin center
The Microsoft Entra admin center is a web-based portal where IT administrators manage user identities, security policies, and access permissions across cloud applications and devices.
Microsoft Entra Connect
Microsoft Entra Connect is a tool that synchronizes on-premises Active Directory identities with Microsoft Entra ID (formerly Azure AD) to enable single sign-on and centralized identity management.
Microsoft Entra ID
Microsoft Entra ID is a cloud-based identity and access management service that lets employees sign in and access resources both inside and outside of your organization.
Microsoft Entra joined device
A Microsoft Entra joined device is a computer or mobile device that is registered directly with an organization’s Microsoft Entra ID (formerly Azure AD) cloud identity service, allowing users to sign in with their work or school account and access cloud resources without needing a traditional on-premises Active Directory domain.
Microsoft Forms
Microsoft Forms is a cloud-based tool for creating surveys, quizzes, and polls to collect data and feedback.
Microsoft Identity Platform
Microsoft Identity Platform is a unified authentication and authorization service that enables applications to sign in users and access resources using Microsoft Entra ID and modern protocols.
Microsoft Intune
Microsoft Intune is a cloud-based service that helps organizations manage employee devices, apps, and security policies without needing to own or control the physical hardware.
Microsoft Loop
Microsoft Loop is a collaborative workspace platform that combines flexible canvas components, shared workspaces, and real-time co-authoring across Microsoft 365 apps.
Microsoft Purview
Microsoft Purview is a unified data governance and compliance service that helps organizations discover, manage, and protect their data across on-premises, cloud, and hybrid environments.
Microsoft Sentinel
Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration automation and response (SOAR) service that helps organizations detect, investigate, and respond to cyber threats across their entire digital estate.
Microsoft Sentinel Design
Microsoft Sentinel Design is the process of planning and architecting a cloud-native Security Information and Event Management (SIEM) and Security Orchestration Automated Response (SOAR) solution using Microsoft Azure to protect an organization from cyber threats.
Microsoft Store app
A Microsoft Store app is a software program downloaded and installed from the Microsoft Store, designed to run in a sandboxed environment with limited system access for improved security and ease of management.
Microsoft Teams
Microsoft Teams is a collaboration platform that integrates chat, video meetings, file storage, and application integration into a single workspace, primarily used within the Microsoft 365 ecosystem.
Microsoft-hosted agent
A Microsoft-hosted agent is a virtual machine provided by Microsoft Azure DevOps that runs your build or release jobs without you having to manage or maintain the underlying infrastructure.
Mimikatz
Mimikatz is a powerful open-source tool used by attackers and security professionals to extract plaintext passwords, hashes, PINs, and Kerberos tickets from Windows memory.
MIMO
MIMO uses multiple antennas at both transmitter and receiver to improve wireless throughput and reliability without extra bandwidth.
Mini-ITX
Mini-ITX is a small form factor motherboard standard designed for compact desktop computers, balancing space savings with essential functionality.
Mini-serial Advanced Technology Attachment
Mini-Serial Advanced Technology Attachment (mSATA) is a compact form factor of the SATA interface used to connect solid-state drives to a computer’s motherboard, commonly found in laptops and small form-factor devices.
Misconfiguration
Misconfiguration is when a system, device, or software is set up incorrectly, leaving it vulnerable to attack or causing it to malfunction.
Missing DLL
A Missing DLL error occurs when a required Dynamic Link Library file is not found by the Windows operating system or an application, preventing the program from starting or running properly.
Mitigation
Mitigation is the process of reducing the severity, impact, or likelihood of a security threat or vulnerability.
MITRE ATT&CK
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, used by security professionals to understand and defend against cyber threats.
mkfs
Creates a filesystem on a storage device, preparing it for data storage.
MMC
MMC is a Windows framework that hosts administrative tools called snap-ins for managing hardware, software, and network components.
Mobile app store
A mobile app store is a digital distribution platform that allows users to browse, download, and update software applications on mobile devices like smartphones and tablets.
Mobile application management
Mobile application management (MAM) is the practice of controlling and securing corporate apps and their data on employee-owned or company-provided mobile devices without managing the entire device.
Mobile CPU
A Mobile CPU is a computer processor designed specifically for laptops, tablets, and smartphones that balances performance with low power consumption to extend battery life and manage heat in compact devices.
Mobile device management
Mobile device management (MDM) is a security solution that allows IT administrators to enroll, configure, monitor, and enforce policies on smartphones, tablets, and other mobile devices used in an organization.
Mobile GPU
A mobile GPU is a specialized graphics processor designed for use in mobile devices such as smartphones, tablets, and laptops, handling rendering and display tasks while balancing performance with power efficiency.
Mobile hotspot
A mobile hotspot is a feature that turns a smartphone or dedicated device into a portable Wi-Fi access point, sharing its cellular data connection with other nearby devices.
Model
In IT and AI, a model is a trained mathematical representation that learns patterns from data to make predictions or decisions.
Modern workplace
The modern workplace is a Microsoft 365-powered digital environment that integrates productivity tools, collaboration platforms, security, and device management to enable secure, flexible, and efficient work from anywhere.
Modernization
Modernization is the process of updating legacy IT systems, applications, and infrastructure to use modern cloud-native technologies, architectures, and practices.
modprobe
modprobe is a Linux command used to add or remove kernel modules (drivers) from the running kernel safely, handling dependencies automatically.
Molex connector
A four-pin power connector used in older desktop computers to provide electrical power to internal drives and other peripherals.
Monitoring and event management
Monitoring and event management is the practice of continuously observing IT systems to detect, record, and respond to significant changes or incidents.
Monitoring dashboard
A monitoring dashboard is a visual display that shows the current status and performance of IT systems, networks, or applications in real time.
Monthly Enterprise Channel
The Monthly Enterprise Channel is a software update servicing option for Windows 10 and Windows 11 designed for enterprise environments that want to receive new features monthly while still maintaining a high level of stability and manageability.
Motherboard
The main circuit board inside a computer that connects all components so they can communicate with each other and receive power.
Motherboard Form Factors
A motherboard form factor is the standardized physical size, shape, mounting hole layout, and connector arrangement that determines what case and power supply a motherboard fits into.
MOU
A Memorandum of Understanding (MOU) is a non-binding agreement between parties outlining mutual goals and intentions for cooperation.
Mount
Mounting is the process of making a file system or storage device accessible to a computer's operating system by attaching it to a specific directory in the existing directory tree.
MP-BGP for VPN
MP-BGP for VPN is an extension of the Border Gateway Protocol that carries multiple types of network layer information to enable scalable, isolated virtual private networks over a shared provider infrastructure.
MPLS
MPLS (Multiprotocol Label Switching) is a data forwarding technology that uses short path labels instead of long network addresses to direct data efficiently across a network.
MPLS Label Distribution
MPLS Label Distribution is the process by which routers exchange labels that tell them how to forward packets across a network without looking at the IP address each time.
MPLS Layer 2 VPN
An MPLS Layer 2 VPN is a virtual private network technology that connects two or more customer sites at the data link layer, allowing them to communicate as if they were on the same local Ethernet segment, while using a service provider’s MPLS backbone.
MPLS Layer 3 VPN
A technology that uses Multiprotocol Label Switching to create secure, scalable virtual private networks that connect multiple sites at the network layer, where the service provider manages routing between customer sites.
MPO
MPO (Multi-Fiber Push On) is a fiber optic connector that terminates multiple fibers in a single ferrule, enabling high-density cabling.
MSConfig
MSConfig is a Windows system utility used to troubleshoot startup issues by managing boot settings, services, and startup programs.
MSS
MSS (Maximum Segment Size) is the largest amount of data, in bytes, that a device can receive in a single TCP segment, excluding the TCP and IP headers.
MSTP
MSTP (Multiple Spanning Tree Protocol) allows multiple VLANs to be grouped into a single spanning tree instance, reducing the number of spanning tree instances needed in a network.
MTBF
MTBF (Mean Time Between Failures) is a reliability metric that estimates the average operational time between inherent failures of a hardware component or system during normal operation.
MTBF
MTBF predicts average operational time between inherent failures of a device, used to estimate reliability in networking hardware.
MTD
MTD (Maximum Tolerable Downtime) is the longest period a business can function without a specific system or service before the damage becomes unacceptable.
mTLS
mTLS (mutual Transport Layer Security) is a security protocol where both the client and the server authenticate each other using digital certificates before exchanging data.
MTTR
MTTR stands for Mean Time to Repair, a metric that measures the average time it takes to restore a failed system or component to full working order after a failure occurs.
MTU
MTU (Maximum Transmission Unit) is the largest size of a single data packet that can be sent over a network without needing to be fragmented.
Multi-AZ
Multi-AZ refers to a deployment model where resources are replicated across multiple Availability Zones within a cloud region to ensure high availability and fault tolerance.
Multi-AZ deployment
A Multi-AZ deployment runs identical copies of your application or database across two or more physically separate data centers (Availability Zones), ensuring that if one data center fails, another takes over automatically with no downtime.
Multi-AZ RDS
Multi-AZ RDS is a database deployment option that automatically maintains a synchronous standby replica in a different Availability Zone to provide high availability and automatic failover.
Multi-cloud
Multi-cloud is a strategy where an organization uses cloud computing services from more than one cloud provider to distribute workloads, avoid vendor lock-in, and increase resilience.
Multi-Cloud Security
Multi-cloud security is the practice of protecting data, applications, and infrastructure across two or more cloud service providers using unified policies and tools.
Multi-region
Multi-region refers to a deployment strategy where IT resources, applications, or data are hosted in multiple geographic locations to improve availability, disaster recovery, and performance.
Multi-Region architecture
Multi-Region architecture is a deployment strategy where cloud resources are hosted in two or more geographically separate data center regions to improve availability, disaster recovery, and reduce latency for global users.
Multifactor Authentication
Multifactor Authentication (MFA) is a security method that requires you to provide two or more pieces of evidence to prove your identity before accessing an account or system.
Multifiber Push On
A fiber optic connector that allows multiple optical fibers to be connected and disconnected quickly by simply pushing the connector into place, with a small push-pull tab for removal.
Multifunction Printer
A multifunction printer is a single device that combines printing, scanning, copying, and sometimes faxing into one machine.
Multilevel security
Multilevel security is a computer security approach that allows users with different clearance levels to access data at different classification levels on the same system, while preventing unauthorized access.
Multimode fiber
A type of optical fiber that carries multiple light signals simultaneously over short to medium distances, commonly used in local area networks and data centers.
Multiple Input Multiple Output
Multiple Input Multiple Output (MIMO) is a wireless technology that uses multiple antennas at both the sender and receiver to increase data throughput and connection reliability without needing more bandwidth or power.
Multiprotocol Label Switching
Multiprotocol Label Switching (MPLS) is a data-carrying technique that uses short path labels instead of long network addresses to route packets quickly and efficiently across a WAN.
Mutual Non-disclosure Agreement
A Mutual Non-disclosure Agreement is a legally binding contract between two parties where both agree to keep each other's confidential information private and not share it with outsiders.
MX record
An MX (Mail Exchange) record is a DNS resource record that specifies which mail servers are responsible for accepting email messages on behalf of a domain.
NaaS
NaaS is a cloud delivery model where network infrastructure and services are provided on-demand via a subscription, eliminating the need for on-premises hardware.
NAC
Network Access Control (NAC) is a security technology that enforces policies to control which devices and users can connect to a network.
NACL
A Network Access Control List (NACL) is a stateless firewall that controls inbound and outbound traffic at the subnet level in a virtual private cloud.
Name Server
A name server is a specialized server that translates human-readable domain names into machine-readable IP addresses so that computers can find each other on a network.
Named ACL
A Named ACL is a list of rules applied to a network device, identified by a name instead of a number, that controls which traffic is allowed or blocked based on source and destination IP addresses, protocols, and port numbers.
Named entity recognition
Named entity recognition (NER) is an Azure AI service feature that automatically identifies and classifies key pieces of information in text, such as names of people, organizations, locations, dates, and other specific data.
Namespaces
A Namespace in Kubernetes is a virtual cluster within a physical cluster that allows you to organize and isolate resources, like an apartment building with separate units for different tenants.
NAS
NAS is a dedicated file-level storage device connected to a network, providing centralized data access to multiple clients via standard protocols like NFS or SMB.
NAS
NAS is a dedicated file-level storage device connected to a network, providing centralized data access to multiple clients.
NAT
NAT (Network Address Translation) is a method that allows multiple devices on a private network to share a single public IP address when accessing the internet.
NAT Gateway
A NAT Gateway is a managed AWS service that allows instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating connections back to those instances.
NAT instance
A NAT instance is a virtual machine that forwards traffic from a private subnet to the internet, performing Network Address Translation (NAT) so that private instances can reach the internet without exposing them to inbound connections.
NAT overload
NAT overload is a form of network address translation that allows many devices on a private network to share a single public IP address by using unique port numbers to track each connection.
Native VLAN
A native VLAN is the default VLAN assigned to a trunk port that carries untagged traffic for backwards compatibility with devices that do not understand VLAN tagging.
Native VLAN mismatch
A Native VLAN mismatch occurs when two connected switches have different Native VLANs configured on the trunk port, causing control traffic like CDP, DTP, and BPDUs to be sent on the wrong VLAN and potentially creating security vulnerabilities or connectivity issues.
Natural Language AI
Natural Language AI is a branch of artificial intelligence that enables computers to understand, interpret, and generate human language in a way that is both meaningful and useful.
Natural language processing
Natural language processing (NLP) is a branch of artificial intelligence that helps computers understand, interpret, and respond to human language in a way that is both meaningful and useful.
NDA
A legally binding contract that restricts the sharing of confidential information with unauthorized parties.
NDP
NDP (Neighbor Discovery Protocol) is a key part of IPv6 that lets devices on the same network find each other and figure out how to communicate.
Near-field Communication
Near-field Communication (NFC) is a short-range wireless technology that allows two devices to exchange data when they are touched or brought within a few centimeters of each other.
Need to know
Need to know is a security principle that restricts access to information or resources only to individuals who require that access to perform their job duties.
Neighbor Discovery Protocol
Neighbor Discovery Protocol (NDP) is a part of IPv6 that lets devices on the same network find each other, figure out each other's addresses, and keep communication working smoothly.
Neighbor Solicitation
Neighbor Solicitation is an IPv6 message used by a device to request another device's link-layer address (MAC address) or to verify that a target IP address is unique on the local network.
Neptune
Neptune is a fully managed database service by AWS designed specifically for graph database workloads, using property graph and RDF models.
Nessus
Nessus is a vulnerability scanner that automatically identifies security weaknesses, missing patches, and misconfigurations in computer systems and networks.
NetBIOS
NetBIOS is an API and protocol suite for legacy Windows network name resolution and session management over LANs.
NetBIOS Enumeration
NetBIOS Enumeration is the process of gathering information from a Windows system using the NetBIOS protocol to discover shares, users, and system details over a network.
NETCONF
NETCONF is a network management protocol that allows administrators to configure, retrieve, and delete settings on network devices using a structured, machine-readable data format.
NETCONF Protocol
NETCONF is a network management protocol that uses a structured data format to configure, retrieve, and modify network devices in a standard, programmatic way.
NetFlow
NetFlow is a network protocol developed by Cisco that collects and monitors IP traffic data to provide visibility into network usage, performance, and security.
NetFlow Configuration
NetFlow Configuration is the process of setting up Cisco devices to collect and export metadata about network traffic flows for monitoring, analysis, and troubleshooting.
netstat
netstat (network statistics) is a command-line tool that displays active network connections, listening ports, routing tables, and network protocol statistics on a computer.
Network Access Analyzer
A Network Access Analyzer is a security tool that monitors and analyzes who and what is trying to connect to a network, checking for unauthorized access and policy violations.
Network Access Control
Network Access Control is a security solution that enforces policies to control which devices and users can connect to a network, ensuring only authorized and compliant endpoints gain access.
Network ACL
A Network ACL is a virtual firewall that controls inbound and outbound traffic at the subnet level in a cloud network, acting as a stateless packet filter.
Network address
A network address is a unique identifier that allows devices to find and communicate with each other on a computer network.
Network Address Translation
Network Address Translation (NAT) is a method that allows multiple devices on a local network to share a single public IP address to access the internet.
Network as a Service
Network as a Service (NaaS) is a cloud-based model where you rent networking capabilities like routers, firewalls, and bandwidth from a provider instead of buying and managing the hardware yourself.
Network Baseline
A network baseline is a recorded snapshot of normal network performance that serves as a reference point for identifying problems and measuring changes.
Network Cabling Standards
Network cabling standards are the official rules and specifications that define how cables used to connect computers and network devices must be built, tested, and installed to ensure reliable communication.
Network Connectivity Troubleshooting
Network Connectivity Troubleshooting is the systematic process of identifying and resolving problems that prevent devices from communicating with each other over a network.
Network Functions Virtualization
Network Functions Virtualization (NFV) is a way to replace specialized hardware network devices with software running on standard servers to make networks more flexible and cheaper to manage.
Network Interface Card
A Network Interface Card (NIC) is a hardware component that allows a computer or device to connect to a network and communicate with other devices.
Network Load Balancer
A Network Load Balancer is a cloud service that automatically distributes incoming network traffic across multiple servers to ensure applications remain fast, available, and secure.
Network monitoring
Network monitoring is the practice of continuously observing a computer network for issues like slow performance, failures, or security threats to keep it running smoothly and reliably.
Network perimeter
A network perimeter is the boundary between an organization's internal trusted network and external untrusted networks like the internet, where security controls are deployed to protect internal assets.
Network Policies
A Kubernetes resource that controls how pods communicate with each other and with other network endpoints, acting as a firewall for pod-to-pod traffic.
Network printer
A network printer is a printer that is connected to a network, allowing multiple users and computers to send print jobs to it over the network rather than requiring a direct cable connection to a single computer.
Network profile
A network profile is a collection of settings that defines how a device connects to and behaves on a specific type of network, such as public, private, or domain networks.
Network security
Network security is the practice of protecting a computer network from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, ensuring the confidentiality, integrity, and availability of data and resources.
Network Security Group
A Network Security Group is a set of rules that controls inbound and outbound traffic to Azure resources like virtual machines and subnets.
Network segmentation
Network segmentation is the practice of dividing a computer network into smaller, isolated parts to improve performance, contain security threats, and simplify management.
Network telemetry
Network telemetry is the automated process of collecting, transmitting, and analyzing data from network devices to monitor performance, detect issues, and improve security in real time.
Network Time Protocol
Network Time Protocol (NTP) is a networking protocol that synchronizes the clocks of computers and devices over a network to a common reference time source, typically Coordinated Universal Time (UTC).
Network Time Security
Network Time Security (NTS) is a protocol that secures time synchronization between devices by authenticating time servers and encrypting time data.
Network topology
Network topology is the physical or logical arrangement of devices, cables, and data paths in a computer network.
Network Troubleshooting
Network troubleshooting is the systematic process of identifying, diagnosing, and resolving problems in a computer network to restore normal operation.
Network Visibility
Network visibility is the ability to see, monitor, and understand all traffic and devices on a network to ensure security, performance, and troubleshooting.
Network Watcher
Network Watcher is a monitoring and diagnostics service used in cloud environments to track network traffic, detect issues, and analyze performance between virtual machines and other resources.
NetworkManager
NetworkManager is a software utility in Linux-based operating systems that simplifies the management of network connections by automatically handling configuration, switching, and connectivity tasks for both wired and wireless networks.
Neural network
A neural network is a computing system modeled loosely on the human brain that learns to recognize patterns from data without being explicitly programmed for every rule.
New Technology File System
New Technology File System (NTFS) is a modern file system developed by Microsoft that controls how data is stored, organized, and accessed on Windows-based hard drives and other storage devices.
Next hop
A next hop is the next immediate router or device that a packet is sent to on its path from source to destination.
NFC
Near Field Communication is a short-range wireless technology that lets two devices exchange data when they are held close together, typically within a few centimeters.
NFS
Network File System (NFS) is a protocol that allows a computer to access files over a network as if they were on its own local hard drive.
nftables
nftables is a modern Linux kernel packet classification framework that replaces the older iptables, ip6tables, arptables, and ebtables tools for configuring network packet filtering, NAT, and firewall rules.
NFV
NFV virtualizes network services like firewalls and routers, decoupling them from proprietary hardware to run as software on standard servers.
NGFW
A Next-Generation Firewall is a security device that inspects network traffic deeply, beyond just IP addresses and ports, to block modern threats like malware and intrusions.
NIC
A NIC is a hardware component that connects a computer to a network, enabling communication over wired or wireless media.
Nikto
Nikto is an open-source web server scanner that tests for potentially dangerous files, outdated server software, and configuration issues.
NIST Cybersecurity Framework
The NIST Cybersecurity Framework is a set of voluntary guidelines, standards, and best practices created by the National Institute of Standards and Technology to help organizations manage and reduce cybersecurity risk.
NLB
NLB (Network Load Balancer) is a networking device or software that distributes incoming network traffic across multiple servers to ensure high availability, scalability, and reliability.
NLP
NLP (Natural Language Processing) is a branch of artificial intelligence that enables computers to understand, interpret, and generate human language in a way that is meaningful and useful.
Nmap
Nmap is a network scanning tool used to discover hosts, services, and operating systems on a computer network.
Nmap Scanning
Nmap scanning is a method used to discover devices running on a network and find open ports, services, and security weaknesses.
nmcli
nmcli is a command-line tool used in Linux to manage network connections, devices, and settings through NetworkManager.
Node Affinity
Node Affinity is a set of rules used by Kubernetes to determine which nodes a pod can be scheduled on, based on labels assigned to the nodes.
Node Failure Troubleshooting
Node failure troubleshooting is the process of identifying, diagnosing, and resolving issues when a worker node in a Kubernetes cluster becomes unavailable or unhealthy.
Node pool
A node pool is a group of virtual machines (nodes) within a container orchestration cluster that share the same configuration, such as machine size, operating system, and scaling settings, allowing you to manage them as a single unit.
Node Restriction
A Kubernetes admission controller that limits what a kubelet can modify on its own node to prevent privilege escalation and unauthorized access.
Non-disclosure agreement
A legally binding contract that prevents one party from sharing confidential information with unauthorized individuals or entities.
Non-relational database
A non-relational database is a type of database that stores data in flexible formats like documents, key-value pairs, graphs, or wide-columns, rather than the rigid tables and rows used in relational databases.
Non-repudiation
Non-repudiation is a security principle that ensures a party in a digital transaction cannot deny their involvement or the authenticity of their digital signature.
Non-volatile Memory Express
Non-volatile Memory Express (NVMe) is a high-speed interface protocol that connects storage devices like SSDs directly to the CPU for much faster data transfer than older technologies like SATA.
Normalization
Normalization is the process of organizing data in a database to reduce redundancy and improve data integrity by dividing large tables into smaller, related tables and defining relationships between them.
Northbound API
A northbound API is an interface that allows higher-level software components, such as network management or orchestration platforms, to communicate with and control lower-level network devices like switches and routers.
NS
An NS (Name Server) record delegates a DNS zone to a specific authoritative name server for that domain.
NSG flow logs
NSG flow logs are records of IP traffic flowing through an Azure Network Security Group, used for monitoring, analysis, and troubleshooting network security.
NSG rule
An NSG rule is a set of security rules in Microsoft Azure that controls whether network traffic is allowed or denied to and from Azure resources.
nsswitch
nsswitch (Name Service Switch) is a configuration file in Unix-like operating systems that determines which databases and services are consulted to resolve system information like user names, group memberships, and hostnames.
NTFS
NTFS (New Technology File System) is a file system used by Windows to organize and control how data is stored, retrieved, and secured on a hard drive or SSD.
NTFS Forensics
NTFS Forensics is the practice of examining New Technology File System structures to recover evidence of user activity, hidden data, and deleted files for cybersecurity investigations.
NTP
Network Time Protocol is a networking protocol used to synchronize the clocks of computers and devices over a network to a common time reference.
NTP Authentication
NTP Authentication is a security feature that ensures a network device only synchronizes its clock with trusted time servers by using encrypted keys to verify the identity of the time source.
NTP Client and Server
The NTP (Network Time Protocol) Client and Server are roles in a time synchronization system where the server provides accurate time to clients, ensuring all devices on a network share the same precise clock.
NTS
NTS (Network Time Security) is a cryptographic protocol that secures NTP time synchronization against tampering and delay attacks.
Numbered ACL
A numbered ACL is an access control list on a router or firewall that uses a number to identify the list and define rules for permitting or denying traffic based on source and destination IP addresses, ports, and protocols.
NVMe
NVMe (Non-Volatile Memory Express) is a high-speed storage protocol that allows solid-state drives to communicate directly with a computer's CPU, dramatically improving data transfer speeds compared to older storage interfaces.
NVMe Storage
NVMe storage is a fast type of solid-state drive that connects directly to a computer's processor using the PCI Express interface, allowing data to move much quicker than older storage technologies.
OAuth
OAuth is an open standard for access delegation that allows users to grant third-party applications limited access to their resources without sharing their credentials.
OAuth abuse
OAuth abuse is the exploitation of the OAuth authorization framework by attackers to gain unauthorized access to user data or systems by manipulating tokens, redirects, or consent processes.
Object
In IT and cloud computing, an object is a discrete unit of data stored in a structure that pairs the data with its metadata and a unique identifier, enabling scalable access without a traditional folder hierarchy.
Object detection
Object detection is a computer vision technology that identifies and locates specific objects within an image or video.
Object storage
Object storage is a data storage architecture that manages data as distinct units called objects, each with its own unique identifier and metadata, rather than as files in a hierarchy or blocks on a disk.
Obtain/build
Obtain/build is an ITIL process that covers the activities required to acquire new or modified service components and ensure they are built, tested, and ready for deployment.
OCR
Optical Character Recognition is technology that converts images of text, like scanned documents or photos, into machine-readable text data.
OCSP
OCSP (Online Certificate Status Protocol) is a method used to check whether a digital certificate is still valid or has been revoked in real time.
Office 365
Office 365 is a cloud-based subscription service from Microsoft that provides access to productivity applications like Word, Excel, and Outlook, along with other cloud services, for a monthly or annual fee.
Offline files
Offline files are copies of network files stored locally on a device so they remain accessible even when the network is unavailable.
OIDC federation
OIDC federation is a method that lets users log into multiple applications or services using a single identity from a trusted provider, based on the OpenID Connect protocol.
OLAP
OLAP (Online Analytical Processing) is a computing approach that enables users to quickly and interactively analyze multidimensional data from multiple perspectives for business intelligence and decision support.
OLED display
An OLED display is a screen technology that uses organic compounds to emit light when an electric current is applied, enabling thinner, more vibrant, and energy-efficient screens for mobile devices.
OLTP
OLTP (Online Transaction Processing) is a data processing system designed to manage and record high volumes of real-time transactions, such as bank deposits or online purchases, quickly and reliably.
On-demand capacity
On-demand capacity is the ability to instantly add or remove computing resources like storage or processing power as needed, paying only for what you use.
On-Demand Instance
An On-Demand Instance is a virtual server you can rent by the hour or second with no long-term commitment, paying only for what you use.
One-time Password
A one-time password is a temporary, single-use code that authenticates a user for one login session or transaction.
OneDrive
OneDrive is Microsoft’s cloud storage service that lets you store, sync, and share files online across devices.
OneDrive for Business
OneDrive for Business is a cloud-based file storage and synchronization service from Microsoft, part of Microsoft 365, that lets users store, access, and share work files securely from anywhere.
OneDrive sync
OneDrive sync is the process of copying files between a user's local device and Microsoft's cloud storage service, ensuring that the same versions are available offline and online.
OOB
OOB (Out-of-Band Management) is a method of managing network devices using a dedicated, separate network path that does not carry production traffic.
OPA Gatekeeper
OPA Gatekeeper is a Kubernetes admission controller that enforces custom security and compliance policies on resources before they are created or updated in a cluster.
Open Systems Interconnection
The Open Systems Interconnection (OSI) model is a conceptual framework used to understand how data travels from one computer to another across a network.
OpenID Connect
OpenID Connect is an identity layer on top of OAuth 2.0 that allows applications to verify a user's identity and obtain basic profile information in a standardized way.
OpenSSH
OpenSSH is a suite of tools that lets you securely connect to and manage remote computers over an unsecured network like the internet.
OpenVAS
OpenVAS is an open-source vulnerability scanner that helps IT professionals identify security weaknesses in networks, systems, and applications.
Operating system
An operating system (OS) is the core software that manages a computer's hardware and software resources, providing common services for computer programs.
Operational excellence
Operational excellence is the ability to run systems reliably, efficiently, and securely while constantly improving processes and responding to changes.
Operational intelligence
Operational intelligence is the real-time analysis of IT system data to detect patterns, anomalies, and threats as they happen, enabling immediate action to protect systems and maintain performance.
Operational Technology
Operational Technology (OT) refers to the hardware and software systems that monitor, control, and manage physical devices, processes, and infrastructure in industries like manufacturing, energy, and utilities.
OpEx
Operational Expenditure (OpEx) is the ongoing cost for running a business, like paying for cloud services monthly instead of buying hardware upfront.
Opportunity
In ITIL, an opportunity is a potential improvement or new capability that could bring value, benefit, or reduce risk, and it must be evaluated, prioritized, and possibly implemented as part of a service improvement initiative.
OpsCenter
OpsCenter is a centralized management platform used to monitor, deploy, and orchestrate IT infrastructure and applications across multiple environments.
Optical drive
An optical drive is a hardware component that reads and writes data on optical discs like CDs, DVDs, and Blu-ray discs using a laser beam.
Optical Network Terminal
An Optical Network Terminal (ONT) is a device that connects your home or office to the internet service provider's fiber optic network, converting light signals into electrical signals your devices can use.
Optimize and automate
Optimize and automate is an ITIL guiding principle that means making a process as effective as possible before using technology to run it automatically, rather than automating a broken or inefficient workflow.
Organic Light-emitting Diode
An Organic Light-emitting Diode (OLED) is a display technology that uses organic compounds to emit light when an electric current passes through them, enabling thin, flexible, and energy-efficient screens with high contrast.
Organization
An Organization is a top-level container in Google Cloud that represents your company or entities and serves as the root node for all your cloud resources, policies, and access control.
Organizational Change Management
Organizational Change Management (OCM) is the structured approach to preparing, supporting, and guiding people through changes in an organization to ensure lasting success.
Origin access control
Origin access control is a security mechanism that restricts access to a network, system, or resource based on the verified identity or attributes of the requesting entity.
Original Equipment Manufacturer
An Original Equipment Manufacturer (OEM) is a company that produces hardware components or complete systems that are sold under another company's brand name.
OSI model
The OSI model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven distinct layers, from physical hardware to application software.
OSINT
OSINT (Open Source Intelligence) is the practice of collecting and analyzing publicly available information from free or commercially available sources to support intelligence gathering, cybersecurity assessments, and penetration testing.
OSINT Techniques
OSINT techniques are methods used to collect information from publicly available sources for security assessments or investigations.
OSPF
OSPF is a link-state routing protocol that uses the SPF algorithm to compute the shortest path to each destination within a single autonomous system.
OSPF
OSPF is a link-state routing protocol used to find the best path for data packets to travel across IP networks, like a smart GPS that recalculates routes when traffic changes.
OSPF adjacency
An OSPF adjacency is a logical neighbor relationship formed between two OSPF routers that have completed a series of hello and database exchange processes, enabling them to share routing information and maintain a consistent view of the network topology.
OSPF and EIGRP Authentication
OSPF and EIGRP authentication is a security feature that verifies the identity of routers exchanging routing updates, ensuring only trusted devices can participate in the network.
OSPF area
An OSPF area is a logical grouping of routers and networks within an OSPF routing domain, used to control routing traffic and improve scalability.
OSPF authentication
OSPF authentication is a security mechanism that verifies the identity of routers exchanging routing information within an OSPF network, preventing unauthorized or malicious routing updates.
OSPF cost
OSPF cost is a metric used by the Open Shortest Path First routing protocol to determine the best path for data packets to travel through a network, based on the characteristics of each link.
OSPF Default Route Advertisement
OSPF Default Route Advertisement is the process by which a router using the OSPF routing protocol tells other routers to send all traffic for unknown destinations to it, acting as a gateway of last resort.
OSPF LSA Types
OSPF LSA types are different categories of link-state advertisements that OSPF routers use to share and learn about network topology information.
OSPF metric
OSPF metric is a cost value assigned to each route in an Open Shortest Path First network, used to determine the best path for data packets.
OSPF neighbor
An OSPF neighbor is another router that has been directly discovered through OSPF Hello packets and is willing to exchange routing information to build a network topology map.
OSPF network type
OSPF network type defines how the Open Shortest Path First routing protocol operates on a given interface, determining neighbor discovery, adjacency formation, and the election of designated routers.
OSPF Network Types
OSPF network types define how OSPF operates on a particular interface, controlling neighbor discovery, hello timer intervals, and the method of sending routing updates.
OSPF Path Selection
OSPF Path Selection is the process by which the Open Shortest Path First routing protocol determines the best route for data packets to travel across a network.
OSPF Route Summarization
OSPF route summarization is a technique that combines multiple smaller network routes into a single, larger route advertisement to reduce the size of routing tables and improve network stability.
OSPF Special Area Types
OSPF special area types are configurations within an OSPF network that limit the type of routing information shared across an area to reduce routing table size and processing overhead.
OSPF Virtual Link
OSPF Virtual Link is a feature that connects two separate areas through a transit area, allowing an area to be linked to the backbone area without a direct physical connection.
OSPFv2
OSPFv2 is a network routing protocol that helps routers share information about the best paths to send data across an IP network.
OSPFv3
OSPFv3 is the version of the Open Shortest Path First routing protocol that supports IPv6 networks, enabling routers to exchange routing information for IPv6 addresses.
OT
Operational Technology (OT) is hardware and software that monitors and controls physical devices, processes, and infrastructure in industrial environments.
Out-of-band
Out-of-band refers to a separate, dedicated network path used for managing and configuring IT devices, distinct from the main data traffic path.
Outbound ACL
An Outbound ACL is a set of rules applied to traffic leaving a network interface that decides which packets are allowed to exit and which are blocked.
Outcome
An outcome is the measurable result of a service, process, or activity, often tied to business value and customer satisfaction.
Outlook
Microsoft Outlook is an email, calendar, and contact management application that is part of the Microsoft 365 suite, used by businesses and individuals to organize communications and schedules.
Outposts
AWS Outposts is a fully managed service that extends AWS infrastructure, services, and tools to virtually any on-premises data center or co-location space for a truly consistent hybrid cloud experience.
Output
In IT service management, output is the result or deliverable produced by a process, system, or component, such as data, reports, or services delivered to a customer.
Output device
An output device is any piece of computer hardware that displays, prints, or otherwise conveys information from a computer to a user.
Outside global
An Outside global address is the publicly routable IP address assigned to a device on the external network (usually the internet) as seen from the perspective of a network device performing Network Address Translation (NAT).
Outside local
Outside local is the IP address that a device on the inside of a private network appears to have from the perspective of hosts located outside the network, typically after Network Address Translation (NAT) has been applied.
Overfitting
Overfitting occurs when a machine learning model learns the training data too well, including its noise and outliers, causing it to perform poorly on new, unseen data.
OWASP Top 10
The OWASP Top 10 is a regularly updated list of the most critical security risks to web applications, published by the Open Web Application Security Project (OWASP) to help developers and security professionals prioritize and mitigate common vulnerabilities.
Owner role
The Owner role is an access control entity that holds full administrative rights over a resource, including the ability to grant or revoke permissions for other users.
PaaS
Platform as a Service (PaaS) is a cloud computing model that provides a managed platform for developers to build, run, and manage applications without dealing with the underlying infrastructure.
Packet
A packet is a small unit of data that is sent over a network, containing both the actual data and control information for delivery.
Packet capture
Packet capture is the process of intercepting and recording data packets traveling over a computer network for analysis.
Packet loss
Packet loss is the failure of one or more data packets to reach their destination across a network, resulting in missing or incomplete data transfers.
PAgP
Port Aggregation Protocol (PAgP) is a Cisco proprietary protocol that automatically bundles multiple physical Ethernet links into a single logical link to increase bandwidth and provide redundancy.
PAM
Privileged Access Management (PAM) is a security framework that controls, monitors, and audits access to critical systems and accounts with elevated permissions.
PAN
A Personal Area Network is a small network used for connecting devices close to one person, usually within a range of about 10 meters.
Paper jam
A paper jam is a printer malfunction where paper gets stuck inside the device, preventing normal printing operations.
Parameter Store
Parameter Store is a secure, centralized service for storing and managing configuration data, secrets, and environment variables used by applications and IT infrastructure.
Partition key
A partition key is a value used by database systems to distribute data across multiple storage partitions, enabling faster queries and efficient scaling.
Partner Interconnect
Partner Interconnect is a Google Cloud service that allows you to connect your on-premises network to Google Cloud through a supported third-party service provider.
Pass-the-hash
Pass-the-hash is a cyberattack where an attacker captures the hash of a user's password and uses it to authenticate to other systems without ever knowing the actual password.
Pass-through authentication
Pass-through authentication is a Microsoft Azure Active Directory authentication method that validates user passwords directly against on-premises Active Directory without storing password hashes in the cloud.
Passive interface
A passive interface is a network interface that participates in a routing protocol (like OSPF) by listening for and learning routes, but does not send routing protocol messages out of that interface.
Passive reconnaissance
Passive reconnaissance is the process of gathering information about a target system or network without directly interacting with it, using publicly available sources and stealthy observation.
passwd
passwd is a command-line utility used on Linux and Unix-like systems to change a user's password, typically stored in an encrypted format in the /etc/shadow file.
Password Cracking
Password cracking is the process of using software tools or techniques to recover unknown passwords from stored data or by guessing them systematically.
Password hash synchronization
Password hash synchronization is a Microsoft Azure AD Connect feature that synchronizes a hash of a user's on-premises Active Directory password to Azure AD, enabling cloud-based authentication without additional infrastructure.
Password manager
A password manager is a software application that securely stores and manages login credentials, allowing users to generate, retrieve, and autofill complex passwords without needing to remember each one.
Password policy
A set of rules designed to enhance computer security by encouraging users to create strong, secure passwords and store them properly.
Password spraying
Password spraying is a type of brute-force attack where an attacker tries a few commonly used passwords against many different accounts to avoid account lockouts.
Passwordless authentication
Passwordless authentication is a method of verifying a user's identity without requiring them to enter a password, using alternative factors like biometrics, hardware tokens, or one-time codes.
PAT
PAT (Port Address Translation) is a method of network address translation that maps multiple private IP addresses to a single public IP address by using different port numbers for each connection.
Patch
A patch is a small piece of code designed to fix a bug, close a security vulnerability, or improve the performance of a software application or operating system.
Patch cable
A short, flexible cable used to connect electronic devices to each other or to a network, often temporarily or for testing.
Patch management
Patch management is the process of identifying, acquiring, testing, and deploying software updates (patches) to fix vulnerabilities, bugs, or improve performance in IT systems.
Patch Manager
A Patch Manager is a tool or service that automates the process of finding, downloading, testing, and installing software updates across multiple computers to keep them secure and stable.
Patch panel
A patch panel is a mounted hardware unit with ports that connect incoming and outgoing network cables, serving as a central point for organizing and managing cable connections.
Patch prioritization
Patch prioritization is the process of ranking security updates based on risk, impact, and urgency to decide which ones to apply first in an IT environment.
Path cost
Path cost is a numerical value assigned to each network path used by the Spanning Tree Protocol to determine the most efficient route and prevent loops in a switched network.
Path traversal
Path traversal is a web security vulnerability that allows an attacker to access files and directories stored outside the web server's root folder by manipulating file paths in user-supplied input.
Payload
In IT and cybersecurity, a payload is the core data or malicious code delivered within a packet, file, or attack that performs the actual intended action.
Payment Card Industry Data Security Standards
A set of security rules that any company that handles credit card payments must follow to protect cardholder data from theft and fraud.
PCI
PCI (Peripheral Component Interconnect) is a standard bus interface used in computers to connect hardware devices like graphics cards, network adapters, and storage controllers to the motherboard.
PCI DSS
The Payment Card Industry Data Security Standard is a set of security requirements designed to protect credit card data during storage, processing, and transmission.
PCIe
PCI Express (PCIe) is a high-speed interface standard that connects components like graphics cards, SSDs, and network cards to a computer's motherboard.
PCL
PCL (Printer Command Language) is a page description language developed by Hewlett-Packard that tells a printer how to format and print text and graphics on a page.
PDU
A PDU (Protocol Data Unit) is the unit of data at a specific layer of the OSI or TCP/IP model, containing both header and payload information as it travels across a network.
PDU
A PDU distributes electrical power to multiple devices in a data center, often with monitoring and remote control capabilities.
Penetration test
A penetration test is a simulated cyberattack against a computer system, network, or application to identify security weaknesses that an attacker could exploit.
Penetration testing
Penetration testing is a simulated cyberattack on a computer system, network, or application to find security weaknesses before real attackers can exploit them.
Perfect forward secrecy
Perfect forward secrecy is a property of secure communication protocols that ensures that even if a long-term private key is compromised, past session keys and the messages they encrypted remain safe from decryption.
Performance efficiency pillar
The performance efficiency pillar is a set of design principles and best practices within the AWS Well-Architected Framework that focuses on using computing resources effectively to meet system requirements while maintaining efficiency as demand changes.
Performance Monitoring
Performance Monitoring is the practice of continuously measuring and analyzing network device metrics to ensure optimal operation, detect problems early, and maintain service quality.
Perimeter Security Design
Perimeter Security Design is the practice of establishing a boundary around an organization's network or cloud environment to protect internal assets from external threats using a layered combination of controls like firewalls, intrusion detection systems, and access policies.
Peripheral Component Interconnect
Peripheral Component Interconnect (PCI) is a standard slot and bus system inside a computer that allows you to connect expansion cards like network cards, sound cards, and graphics cards to the motherboard.
Peripheral Component Interconnect Express
PCI Express (PCIe) is a high-speed expansion bus standard that connects internal hardware components like graphics cards, SSDs, and network adapters to a computer's motherboard.
Peripheral device
Any external hardware component that connects to a computer to add or enhance functionality, such as input, output, or storage capabilities.
Permission
A permission is a setting that determines what actions a user or system is allowed to perform on a resource like a file, folder, or device.
Permission boundary
A permission boundary is the defined limit that controls which users, processes, or systems can access specific resources in a computing environment.
Persistence
Persistence is the set of techniques attackers use to maintain long-term access to a compromised system even after reboots or credential changes.
Persistence Mechanisms
Techniques used by attackers to maintain long-term access to a compromised system after an initial breach.
Persistent Disk
Persistent Disk is a durable, high-performance block storage service for Google Cloud virtual machines that retains data even after the VM is shut down or deleted.
Persistent Volume Claims
A Persistent Volume Claim (PVC) is a request for storage resources in Kubernetes, allowing a pod to consume abstracted storage without knowing the underlying storage details.
Persistent Volumes
A Persistent Volume is a piece of storage in a Kubernetes cluster that has been provisioned by an administrator and exists independently of any single pod that uses it.
Personal Area Network
A Personal Area Network (PAN) is a small network that connects devices within a person's immediate workspace, typically within a range of about 10 meters.
Personal Computer
A personal computer is a general-purpose computing device designed for individual use, running operating systems like Windows, macOS, or Linux.
Personal Identification Number
A Personal Identification Number (PIN) is a short numeric code used to verify a user's identity before granting access to a system, device, or account.
Personal Identity Verification
Personal Identity Verification, or PIV, is a US federal government standard for using smart cards to securely verify a person's identity for access to physical and digital resources.
Personally identifiable information
Personally identifiable information (PII) is any data that can be used to identify, contact, or locate a specific individual, either alone or when combined with other information.
PHI
PHI stands for Protected Health Information, which is any health data that can identify an individual and is protected by the Health Insurance Portability and Accountability Act (HIPAA).
Phishing
Phishing is a type of cyber attack where criminals impersonate legitimate organizations or individuals to trick victims into revealing sensitive information such as passwords, credit card numbers, or personal data.
Physical control
Physical controls are tangible security measures like locks, fences, and biometric scanners used to protect buildings, hardware, and sensitive data from unauthorized physical access or harm.
Physical Security Measures
Physical security measures are tangible controls and barriers that protect computer hardware, data centers, and network equipment from unauthorized physical access, theft, damage, or environmental threats.
Physical volume
A physical volume is a storage device or partition that is initialized for use by a volume manager, allowing it to be combined into logical storage pools.
Pickup roller
A rubber roller inside a printer that grabs a single sheet of paper from the paper tray and moves it into the printing path.
Piggybacking
Piggybacking is the act of an unauthorized person following an authorized person into a restricted area or system by taking advantage of their access.
PII
PII stands for Personally Identifiable Information, which is any data that can be used to identify a specific individual.
Pilot light
A pilot light is a small, always-on indicator or a minimal always-running instance in IT architecture that keeps a system ready and signals its operational status, much like the small flame that keeps a gas furnace ready to ignite.
PIM
Privileged Identity Management, a Microsoft Azure Active Directory tool that manages, monitors, and controls access to privileged roles on a just-in-time basis.
Ping
Ping is a network utility used to test whether a remote computer or device is reachable across an IP network and to measure the round-trip time of data packets.
Pipeline
A pipeline is an automated series of steps that takes code from development to production, ensuring quality and speed.
Pipeline artifact
A pipeline artifact is a file or collection of files produced during a CI/CD pipeline stage that is stored and used by subsequent stages or for deployment.
Pipes
A pipe is a mechanism that connects the output of one command directly to the input of another command, allowing data to flow between processes in a chain.
Pivoting
Pivoting is a post-exploitation technique where an attacker uses a compromised system as a relay to access other systems on a network that were not directly reachable.
PKI
Public Key Infrastructure (PKI) is a framework of policies, hardware, software, and procedures that creates, manages, distributes, uses, stores, and revokes digital certificates to enable secure communications over networks.
Placement group
A logical grouping of cloud instances placed close together or spread apart to optimize performance, fault tolerance, or network latency.
Plan
In ITIL, the Plan stage defines the strategy and roadmap for delivering IT services that align with business goals.
Planner
Planner is a Microsoft 365 tool for teams to create, assign, track, and manage tasks visually using boards and charts.
Platform as a Service
Platform as a Service (PaaS) is a cloud computing model that provides a complete platform for developing, running, and managing applications without the complexity of building and maintaining the underlying infrastructure.
Platform service
A platform service is a cloud computing offering that provides a complete environment for developing, deploying, and managing applications without the need to manage the underlying infrastructure.
Playbook
A playbook is a documented set of predefined steps, scripts, and decision trees used by IT teams to automate, standardize, and respond consistently to common tasks or incidents.
PMKID attack
A PMKID attack is a wireless network attack that exploits a vulnerability in the RSN IE (Robust Security Network Information Element) of Wi-Fi Protected Access (WPA/WPA2) networks to recover the Pre-Shared Key (PSK) without needing to capture the full four-way handshake.
Pod
A pod is the smallest deployable unit in Kubernetes, containing one or more containers that share storage, network, and a specification for how to run.
Pod Design
Pod Design refers to the patterns, strategies, and best practices for defining and structuring Kubernetes Pods to run containerized applications reliably and efficiently.
Pod Failure Troubleshooting
Pod failure troubleshooting is the process of identifying and resolving issues that cause Kubernetes pods to crash, restart, or become unavailable.
Pod Lifecycle
The Pod Lifecycle describes the sequence of states a Kubernetes pod passes through from creation to termination, including pending, running, succeeded, failed, and unknown conditions.
Pod Security Admission
Pod Security Admission is a Kubernetes feature that enforces security standards on pods at creation time to prevent running containers with dangerous privileges.
Pod Security Context
A Pod Security Context defines privilege and access control settings for a Pod or its containers in Kubernetes, such as which user ID to run as or which Linux capabilities to allow.
Pod Security Standards
Pod Security Standards are a set of predefined Kubernetes policies that control the security context of pods to prevent privilege escalation and enforce least privilege.
Pods and Containers
Pods are the smallest deployable units in Kubernetes that wrap one or more containers, sharing network and storage resources.
PoE
Power over Ethernet (PoE) is a technology that lets network cables carry electrical power to devices like cameras and phones, so they don't need a separate power outlet.
PoE+
PoE+ (Power over Ethernet Plus) is a networking standard that delivers up to 30 watts of electrical power along with data over a single Ethernet cable to devices like IP cameras and wireless access points.
Point in Time Restore
Point in Time Restore is a database recovery feature that lets you roll back a database to any earlier state within a configured retention period.
Point-to-point link
A point-to-point link is a direct communication connection between two devices or network nodes that allows them to exchange data without passing through any other intermediate device.
Point-to-point OSPF
Point-to-point OSPF is a network configuration where Open Shortest Path First routing protocol operates over a direct link between exactly two routers, treating the link as a simple connection without the need for a designated router or backup designated router.
Point-to-point Tunneling Protocol
A networking protocol that creates a secure tunnel for data to travel between two points over the internet, often used for VPNs.
Pointer Record
A DNS pointer record (PTR) maps an IP address to a domain name, performing the reverse of a standard A or AAAA record.
Policing
Traffic policing is a network mechanism that monitors data traffic against a configured rate limit and drops or remarks packets that exceed that limit to enforce bandwidth usage.
Policy
A policy is a set of rules or guidelines that defines how an organization manages, secures, and operates its IT systems and services.
Policy as code
Policy as code is the practice of representing and managing security, compliance, and governance rules as executable code, enabling automated validation and enforcement across infrastructure and software development workflows.
Policy assignment
Policy assignment is the process of attaching a set of rules or permissions to a specific resource, user, or group so that those rules are enforced in a cloud or IT environment.
Policy Based Routing
Policy Based Routing (PBR) is a technology that allows network traffic to be forwarded based on user-defined policies rather than just the destination IP address in the routing table.
Policy definition
A policy definition is a formal rule or set of rules that specifies allowed or denied actions on resources within an IT environment, often used for governance, compliance, and security control.
Policy enforcement
Policy enforcement is the process of implementing and ensuring compliance with defined security rules and configurations across an IT environment.
Policy inheritance
Policy inheritance is the mechanism by which policies applied to a parent container in a hierarchical system automatically apply to all child objects within that container, unless explicitly blocked or overridden.
Pop-up ads
Pop-up ads are unsolicited browser windows or overlays that appear automatically while browsing, often used for advertising or, maliciously, to spread malware.
POP3
POP3 (Post Office Protocol version 3) is an email protocol that downloads messages from a mail server to a single device and then typically deletes them from the server.
Port Address Translation
A networking technique that maps multiple private IP addresses and their ports to a single public IP address using unique port numbers.
Port channel
A port channel is a technology that groups multiple physical network links into a single logical link to increase bandwidth and provide redundancy.
Port forwarding
Port forwarding is a network technique that directs incoming traffic from the internet to a specific device or service inside a private local network.
Port mirror
Port mirroring is a network monitoring technique that sends a copy of all packets seen on one switch port (or VLAN) to another port for analysis.
Port number
A port number is a 16-bit number used in networking to identify a specific application or service on a device in a network communication.
Port scanning
Port scanning is the process of probing a computer or network device to discover which network ports are open, closed, or filtered, revealing potential entry points for services and applications.
Port Scanning Techniques
Port scanning techniques are methods used to probe a computer or network to discover which network ports are open and which services are running on those ports.
Port security
Port security is a network switch feature that restricts which devices can connect to a port based on the device's MAC address, preventing unauthorized access.
PortFast
PortFast is a Cisco switch feature that immediately brings a port into the forwarding state, bypassing the normal Spanning Tree Protocol (STP) listening and learning phases, so that devices connected to that port can start communicating right away.
Portfolio management
Portfolio management is the centralized management of one or more project portfolios to achieve strategic objectives by evaluating, selecting, prioritizing, and allocating resources to the right projects or IT initiatives.
POST
Power-On Self-Test (POST) is a diagnostic process that a computer runs when it first powers on to check that essential hardware components are working correctly before loading the operating system.
POST Beep Codes
POST beep codes are audible signals from a computer's motherboard during startup that indicate whether the Power-On Self-Test (POST) has passed or detected a hardware error.
Post Office Protocol
Post Office Protocol (POP) is a standard internet protocol used by email clients to retrieve email from a remote server and download it to the user's local device.
Post-exploitation
Post-exploitation is the phase of a penetration test that begins after an attacker has gained initial access to a system, focusing on maintaining access, escalating privileges, moving laterally, and achieving the test's objectives.
Post-quantum cryptography
Post-quantum cryptography refers to cryptographic algorithms designed to resist the computational power of future quantum computers, which could break current public-key systems.
Postmortem
A postmortem is a structured review of an incident to identify what went wrong, what went well, and how to prevent future issues.
PostScript
PostScript is a page description language used by printers and other output devices to render text and graphics with high precision.
Potentially Unwanted Program
A Potentially Unwanted Program (PUP) is software that you did not intend to install and that can cause unwanted behavior on your system, such as showing excessive ads or slowing down performance.
Power Apps
Power Apps is a low-code platform from Microsoft that allows users to build custom business applications without needing traditional programming skills.
Power Automate
Power Automate is a cloud-based service from Microsoft that lets you create automated workflows between apps and services without writing code.
Power BI
Power BI is a Microsoft business analytics tool that transforms raw data into interactive visual reports and dashboards for informed decision-making.
Power connector
A power connector is the physical interface on a computer component or peripheral that receives electrical power from a power supply unit or other source to make the device function.
Power Distribution Unit
A Power Distribution Unit (PDU) is a device that distributes electrical power to multiple pieces of IT equipment, such as servers, switches, and routers, in a data center or server room.
Power over Ethernet
Power over Ethernet (PoE) is a technology that allows electrical power and data to be transmitted over a single Ethernet cable to devices like IP cameras, wireless access points, and VoIP phones.
Power Platform
Microsoft Power Platform is a set of low-code tools that let you build apps, automate workflows, analyze data, and create virtual agents without writing traditional code.
Power Supply Troubleshooting
Power supply troubleshooting is the process of identifying and fixing problems with a computer’s power supply unit (PSU) that prevent the system from turning on or working reliably.
Power supply unit
A power supply unit (PSU) is the hardware component that converts electricity from a wall outlet into usable power for a computer's internal components.
Power Supply Units
A power supply unit (PSU) is the hardware component that converts electrical power from a wall outlet into the correct voltages needed to run all the internal components of a computer.
Power Virtual Agents
Power Virtual Agents is a Microsoft cloud service that lets you create intelligent chatbots using a no-code graphical interface, without needing to write software code.
Power-on Self-test
The Power-on Self-test (POST) is a diagnostic process a computer runs immediately when you turn it on to check that essential hardware components are working correctly before loading the operating system.
PowerShell
PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and a scripting language built on the .NET framework.
PowerShell Basics
PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and a scripting language designed for system administration.
PowerShell script deployment
PowerShell script deployment is the process of automating the distribution and execution of PowerShell scripts across multiple computers in an IT environment to perform configuration, software installation, or security tasks.
PPA
A PPA (Personal Package Archive) is a software repository used primarily on Ubuntu-based Linux systems to distribute and install packages not included in the official repository.
PPTP
PPTP is an outdated VPN protocol that encapsulates PPP frames in IP packets for secure remote access, but is now considered insecure.
Practice
Practice in IT service management refers to the repeated application of processes, procedures, and skills to improve efficiency, reduce errors, and maintain consistent service delivery.
Pre-shared Key
A secret password or passphrase that two devices share beforehand to prove they are allowed to connect and communicate securely.
Precision Time Protocol
Precision Time Protocol is a network protocol used to synchronize clocks across devices with extremely high accuracy, often within microseconds or nanoseconds.
Predefined role
A predefined role is a set of permissions that Google Cloud automatically creates and maintains, giving you a ready-made way to control who can do what with your cloud resources.
Predictability
Predictability in cloud computing is the ability to reliably forecast performance, costs, and behavior of cloud resources over time.
Prediction
Prediction is the process of using data and algorithms to forecast future outcomes or identify patterns without explicit programming for each scenario.
Preemptible VM
A preemptible VM is a short-lived, low-cost virtual machine instance that cloud providers can terminate at any time, repurposing the underlying hardware for other tasks.
Prefix length
A prefix length is the number of bits in a subnet mask that identifies the network portion of an IP address, written after a slash (e.g., /24).
Prefix List
A prefix list is a Cisco access control tool that matches network prefixes and subnet masks to permit or deny routes in routing protocol updates and redistribution.
Preparation
Preparation is the first phase of incident response where organizations proactively establish policies, tools, training, and procedures to handle security incidents effectively.
Presigned URL
A presigned URL is a temporary, secure link that grants limited access to a private file stored in cloud storage without requiring the user to have cloud credentials.
Pretexting
Pretexting is a social engineering attack where the attacker fabricates a believable scenario or false identity to trick a victim into revealing sensitive information or performing an action.
Preventive control
A preventive control is a security measure designed to stop unauthorized access, attacks, or errors before they can occur.
Pricing Calculator
A Pricing Calculator is a tool that lets you estimate the cost of cloud services before you start using them.
Primary key
A primary key is a unique identifier for each record in a database table, ensuring that no two rows have the same value in that column.
Primitive role
A primitive role is a predefined, basic set of permissions in Google Cloud that grants limited, fixed access to a single service.
Print server
A print server is a dedicated device or software service that manages print jobs from multiple computers on a network, directing them to the appropriate printer and queuing tasks when the printer is busy.
Print spooler
A print spooler is a software service that manages print jobs by holding them in a queue and sending them to the printer one at a time.
Printer Command Language
Printer Command Language is a set of instructions that tells a printer how to format and print a page, developed by Hewlett-Packard.
Printer driver
A printer driver is software that translates data from a computer into a language a printer can understand so it can produce the correct output.
Printer queue
A printer queue is a list of print jobs waiting to be processed by a printer, managed by the computer's operating system to ensure orderly printing.
Privacy
Privacy in IT is the control over how personal data is collected, stored, used, and shared by systems and organizations.
Privacy and security
Privacy and security refer to the practices and technologies used to protect sensitive data from unauthorized access while ensuring individuals' rights over their personal information are respected.
Privacy risk management
Privacy risk management is the ongoing process of identifying, assessing, and responding to risks that could compromise the confidentiality, integrity, or availability of personal data.
Private cloud
A private cloud is a cloud computing environment that is used exclusively by a single organization, offering the benefits of cloud services — like scalability and self-service — but with dedicated infrastructure that is not shared with any other company.
Private DNS zone
A private DNS zone is a hosted DNS namespace that is only resolvable from within specific virtual networks or private environments, not from the public internet.
Private endpoint
A private endpoint is a network interface that securely connects a service over a private IP address inside a virtual network, keeping traffic off the public internet.
Private Google Access
Private Google Access lets virtual machines in a Google Cloud VPC reach Google APIs and services using private IP addresses, without needing public internet access.
Private IP address
A private IP address is a non-internet-routable address used within a local network to identify devices and allow them to communicate with each other without direct exposure to the public internet.
Private Link
Private Link is a technology that lets you connect your virtual network to a service over a private, secure connection inside the cloud provider's infrastructure, instead of going over the public internet.
Private subnet
A private subnet is a segmented portion of a cloud or on-premises network that is not directly accessible from the public internet, used to host internal resources securely.
PrivateLink
AWS PrivateLink is a service that lets you securely access services hosted on AWS VPCs as if they were on your own private network, without exposing traffic to the public internet.
Privilege escalation
Privilege escalation is when a user or attacker gains more access or control over a system than they are supposed to have.
Privileged access
Privileged access is a special level of permission that allows a user or system to perform high-impact actions like installing software, changing system settings, or accessing sensitive data across an IT environment.
Privileged access management
Privileged access management is a cybersecurity practice that controls and monitors the elevated access rights of users who have special permissions to critical systems and data.
Privileged account
A privileged account is a user account that has extra permissions beyond a standard user, allowing it to install software, change system settings, or access sensitive data.
Privileged Identity Management
Privileged Identity Management is a security system that controls, monitors, and audits access to sensitive systems by granting elevated permissions only when needed and for a limited time.
Proactive remediations
Proactive remediations are automated actions taken in advance to fix or prevent known IT issues before they affect users or systems.
Proactive Troubleshooting
Proactive troubleshooting is the practice of identifying and fixing network issues before they affect users, using continuous monitoring and analysis rather than waiting for something to break.
Problem management
Problem management is the IT practice of identifying and resolving the root causes of incidents to prevent them from happening again, rather than just fixing symptoms.
Procedure
A documented set of step-by-step instructions for performing a specific task or handling a particular situation in an IT environment.
Process
In IT service management, a process is a structured set of activities designed to accomplish a specific objective, such as managing incidents or changes, by transforming inputs into defined outputs.
Process Memory Dump
A process memory dump is a snapshot of all the data a specific running program has stored in RAM at a single moment, used for analyzing its behavior and contents.
Procurement Management
Procurement management is the process of planning, conducting, and controlling the purchase of goods or services from external suppliers to meet project needs.
Productivity app
A productivity app is a software application designed to help individuals and teams complete tasks efficiently, manage time, and organize work within a business environment.
Profiler
A profiler is a tool that monitors and analyzes the performance, resource usage, and behavior of software applications or systems to identify bottlenecks and optimize efficiency.
Progress iteratively
Progress iteratively means continuously improving a product or service through repeated cycles of small adjustments, rather than trying to get everything perfect all at once.
Project
A project is a temporary endeavor with a defined beginning and end, undertaken to create a unique product, service, or result, managed through specific processes in IT environments.
Project Charter
A project charter is a formal document that authorizes the existence of a project and gives the project manager the authority to use organizational resources to complete the project.
Project management
Project management is the practice of planning, organizing, and controlling resources to achieve specific goals within a set timeframe and budget.
Project Management Plan
A formal, approved document that defines how a project is executed, monitored, controlled, and closed, serving as the single source of truth for the project team.
Project Selection Methods
Project selection methods are structured techniques used to evaluate and choose which projects an organization should pursue based on strategic goals, financial returns, and available resources.
Project Team Management
Project Team Management is the process of leading, coordinating, and supporting a group of people to complete project tasks and achieve project objectives.
Prompt engineering
Prompt engineering is the practice of designing and refining input queries to AI models to get the most accurate, relevant, and useful outputs.
Proof of concept
A proof of concept is a small, informal test to see if an idea, technology, or method can actually work in the real world before you commit major time or money to it.
Proper disposal
Proper disposal is the secure and environmentally responsible process of destroying, recycling, or discarding IT equipment and data-bearing devices to prevent data breaches and comply with regulations.
Protect mode
Protect mode is a security feature on Cisco switches that prevents a port from learning new MAC addresses once it exceeds a configured limit, but unlike errdisable, it does not shut down the port or generate an SNMP trap.
Protected health information
Protected health information (PHI) is any health data that can identify an individual and is subject to strict privacy and security regulations.
Protocol number
A protocol number is a unique numeric identifier that tells a computer which protocol to use when processing network traffic.
Provisioned capacity
Provisioned capacity is the reserved amount of performance (throughput and storage) assigned to a service, guaranteeing it can handle a specified workload without unexpected limits.
Provisioned concurrency
Provisioned concurrency is a feature in serverless computing that keeps a specified number of function instances initialized and ready to respond immediately, eliminating cold start delays.
Provisioning
Provisioning is the process of setting up and configuring IT resources, such as user accounts, devices, or network services, so they are ready for use.
Provisioning package
A provisioning package is a collection of configuration settings that can be applied to Windows devices to automate setup, enforce policies, and install applications without manual intervention.
Proxy
A proxy is an intermediary server that sits between a client and a destination server, forwarding requests and responses while providing security, privacy, and control.
Proxy log
A proxy log is a record of all traffic that passes through a proxy server, capturing details like source IP, destination URL, timestamps, and content type for security analysis and monitoring.
Proxy server
A proxy server is an intermediary device or software that sits between your computer and the internet, forwarding requests and responses while providing security, privacy, and caching.
Pseudonymization
Pseudonymization is a data processing technique that replaces private identifiers with artificial identifiers, or pseudonyms, to protect personal data while still allowing for analysis and processing.
PSK
A pre-shared key (PSK) is a secret string of characters shared in advance between two parties to authenticate and encrypt wireless or VPN communications.
PSU
A PSU converts AC mains power into regulated DC voltages required by computer components, ensuring stable operation.
PTP
Precision Time Protocol (PTP) synchronizes clocks across a network to sub-microsecond accuracy, critical for time-sensitive applications.
PTR record
A PTR record is a type of DNS record that maps an IP address to a domain name, essentially performing the reverse of the more common A record.
Pub/Sub
Pub/Sub is a messaging pattern where publishers send messages without knowing who receives them, and subscribers receive only the messages they care about.
Public cloud
A public cloud is a computing model where third-party providers deliver IT resources like servers, storage, and applications over the internet to multiple customers on a pay-as-you-go basis.
Public IP address
A globally unique IP address assigned to a device that allows it to communicate directly over the internet.
Public key authentication
Public key authentication is a cryptographic method that uses a pair of keys—a public key shared openly and a private key kept secret—to verify identity and secure communications.
Public Key Infrastructure
Public Key Infrastructure is a system of policies, roles, hardware, and software that manages digital certificates and public-key encryption to secure communications and verify identities online.
Public subnet
A public subnet is a segment of a cloud Virtual Private Cloud (VPC) or traditional network that has a direct route to the internet via an Internet Gateway, allowing resources within it to send and receive traffic from the public internet.
Pull request
A pull request is a way for a developer to propose changes to a codebase and ask other team members to review and merge them into the main project.
Punchdown tool
A punchdown tool is a handheld device used by network technicians to push wires into insulation-displacement connectors on keystone jacks, patch panels, and punchdown blocks, securing a reliable electrical connection without stripping the insulation.
Purple team
A purple team is a collaborative approach in cybersecurity where the offensive (red) and defensive (blue) teams work together to improve an organization's security posture by sharing insights and tactics.
pvs
Pvs (Physical Volume) is a foundational storage unit in Linux LVM (Logical Volume Manager) that represents a physical disk or partition used to build flexible, resizable storage pools.
PVST+
PVST+ (Per-VLAN Spanning Tree Plus) is a Cisco proprietary enhancement of the Spanning Tree Protocol that runs a separate instance of STP for each VLAN, allowing per-VLAN load balancing while maintaining loop-free topology.
PXE
PXE is a client-server protocol that allows a computer to boot from a network interface card without a local storage device.
Python for Network Engineers
Python for Network Engineers is the use of the Python programming language to automate, configure, monitor, and troubleshoot network devices like routers and switches.
QoS
QoS (Quality of Service) is a network technique that manages data traffic to ensure critical applications get the bandwidth and low latency they need.
QoS Classification and Marking
QoS Classification and Marking is the process of identifying network traffic by type and assigning a priority label to ensure important data gets handled first.
QoS Queuing and Shaping
QoS Queuing and Shaping is a set of traffic management techniques that control how network packets are prioritized, delayed, or smoothed to ensure critical applications perform well even during congestion.
QSFP
QSFP stands for Quad Small Form-factor Pluggable, a compact, hot-pluggable transceiver used in networking to send and receive high-speed data over fiber optic or copper cables.
Quad Small Form-factor Pluggable
A Quad Small Form-factor Pluggable (QSFP) is a compact, hot-pluggable transceiver module used in networking to connect switches, routers, and servers to fiber optic or copper cables, supporting four data channels in one module.
Qualitative risk analysis
Qualitative risk analysis is a subjective, scenario-based approach to prioritizing information security risks by evaluating their likelihood and potential impact using predefined scales rather than numerical calculations.
Quality Management
Quality Management is the practice of defining, monitoring, and controlling the processes and deliverables of a project to ensure they meet the required standards and stakeholder expectations.
Quality of Service
Quality of Service (QoS) is a set of technologies used to manage network traffic by prioritizing certain types of data to ensure reliable performance for critical applications.
Quality update
A quality update is a type of software patch from Microsoft that focuses on fixing security vulnerabilities, bugs, and improving system stability for Windows operating systems.
Quality update policy
A quality update policy is a set of rules and schedules that IT administrators use to control which Windows updates are deployed to devices to ensure stability, security, and compatibility.
Quantitative risk analysis
Quantitative risk analysis is a structured process that uses numerical data and statistical methods to calculate the potential financial impact of risks on an organization's assets and projects.
Quantum computing
Quantum computing is a type of computation that uses quantum bits (qubits) and principles of quantum mechanics to process information in ways that classical computers cannot.
Quarantine
Quarantine is a security process that isolates a potentially malicious file, email, or device from the rest of the system to prevent harm while it is analyzed or remediated.
Query
A query is a request for information from a database, asking a specific question to retrieve, update, or manipulate data.
Query Store
Query Store is a built-in SQL Server feature that captures and stores a history of query execution plans and performance data for easy monitoring and troubleshooting.
Question answering
Question answering is an Azure AI service that lets you build a natural language query system that extracts answers from a custom knowledge base of documents or FAQs.
Queue storage
Queue storage is a cloud service that lets applications send and receive messages in a first-in, first-out order to decouple components and handle asynchronous workloads.
RA-GRS
RA-GRS (Read-Access Geo-Redundant Storage) is an Azure storage replication option that provides read access to a secondary region copy of your data, even if the primary region becomes unavailable.
Radio Frequency Identification
Radio Frequency Identification (RFID) is a wireless technology that uses radio waves to automatically identify and track tags attached to objects, people, or animals without requiring direct line-of-sight.
RADIUS
RADIUS is a network protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service.
RADIUS vs TACACS+
RADIUS and TACACS+ are two network protocols used to verify user identities and control access to network devices and services, with different approaches to security and flexibility.
RAG
Retrieval-Augmented Generation (RAG) is a technique that combines information retrieval with text generation to produce more accurate and contextually relevant answers from large language models.
RAID
RAID (Redundant Array of Independent Disks) is a data storage technology that combines multiple physical disk drives into one or more logical units for improved performance, fault tolerance, or both.
RAID 0
RAID 0 is a storage configuration that combines multiple hard drives into one logical unit to improve speed and capacity, but with no fault tolerance or data protection.
RAID 1
RAID 1 is a data storage method that creates an exact copy of data on two or more drives so that if one fails, your information is safe.
RAID 10
RAID 10 combines RAID 1 mirroring and RAID 0 striping to provide both high performance and fault tolerance by writing identical data across mirrored pairs that are then striped for speed.
RAID 5
RAID 5 is a disk array configuration that uses block-level striping with distributed parity to provide fault tolerance and good read performance while using storage space efficiently.
RAID Levels
RAID (Redundant Array of Independent Disks) levels are different configurations that combine multiple hard drives or SSDs to improve performance, reliability, or both.
Rainbow table
A rainbow table is a precomputed list of password hashes used to reverse weak passwords quickly without guessing each one live.
RAM
RAM (Random Access Memory) is your computer's short-term memory, temporarily holding data the CPU needs right now or very soon.
RAM
RAM (Random-Access Memory) is volatile computer memory that temporarily stores data for quick access by the CPU.
RAM Analysis
RAM Analysis is the forensic examination of a computer’s volatile memory to uncover evidence of running processes, network connections, malware, and user activity that is lost when the system is powered off.
RAM Types DDR
DDR RAM is a type of computer memory that transfers data twice per clock cycle, making it faster than older memory types.
Ransomware
Ransomware is a type of malicious software that encrypts a victim's files or locks them out of their system, demanding payment, usually in cryptocurrency, to restore access.
Rapid provisioning
Rapid provisioning is the automated and fast deployment of IT resources, such as servers, storage, and networking, often through templates and scripts, to reduce setup time from days to minutes.
Rapid PVST+
Rapid PVST+ is a Cisco-proprietary enhancement of the Spanning Tree Protocol that creates a separate spanning tree instance for each VLAN and uses Rapid Spanning Tree Protocol (802.1w) to provide much faster convergence after a network topology change.
Rapid Security Response
A Rapid Security Response is an emergency software patch from Apple that fixes critical security flaws in iOS, iPadOS, macOS, and other Apple operating systems without requiring a full system update.
Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol (RSTP) is a network protocol that prevents loops in Ethernet networks by quickly recalculating the best path when a link fails.
RBAC
RBAC is a method of restricting network access based on the roles of individual users within an organization, where permissions are assigned to roles rather than to individuals directly.
RBAC Configuration
RBAC Configuration is the process of defining who can do what with which resources in a system by assigning roles that carry specific permissions.
RDP
Remote Desktop Protocol is a Microsoft protocol that lets you connect to and control another computer over a network as if you were sitting in front of it.
RDS
Amazon Relational Database Service (RDS) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud without needing to manage the underlying server or software.
Reachability Analyzer
A Reachability Analyzer is a tool or feature that tests whether a network path exists between two endpoints, verifying connectivity and identifying potential routing or firewall issues.
Read replica
A read replica is a copy of a database that is used only to handle read queries, taking load off the primary database.
Read-access geo-redundant storage
Read-access geo-redundant storage (RA-GRS) is a cloud storage replication option that maintains three synchronous copies in one primary region and three asynchronous copies in a secondary region, while allowing read access to the secondary copy even during normal operations.
Reader role
A Reader role is a predefined set of permissions in identity and governance systems that allows a user to view resources and data but not create, modify, or delete anything.
Readiness Probes
A Kubernetes mechanism that checks if a container is ready to start accepting traffic and serve requests.
Received Signal Strength Indicator
Received Signal Strength Indicator (RSSI) is a measurement of how strong a wireless signal is when it reaches a receiving device, like a laptop connecting to Wi-Fi.
Receiver
A receiver is a hardware device or software component that accepts incoming signals, data, or transmissions from a sender over a communication channel.
Records Management
Records management is the systematic control of an organization's records, from creation or receipt through processing, distribution, maintenance, storage, retrieval, and disposal, ensuring integrity, compliance, and availability.
Recovery
Recovery is the process of restoring systems, data, and operations after a security incident, failure, or disaster to return to normal functioning.
Recovery key
A recovery key is a unique code or physical device used to regain access to an encrypted system or account when the primary authentication method, such as a password or biometric, is lost or unavailable.
Recovery partition
A hidden section on a computer's hard drive that contains the files needed to restore the operating system to its factory state.
Recovery point objective
Recovery point objective (RPO) is the maximum acceptable amount of data loss measured in time, determining how frequently backups must be taken.
Recovery Services vault
A Recovery Services vault is a secure storage container in Microsoft Azure that holds backup data and replication settings for virtual machines, databases, and other cloud resources, enabling you to restore them if something goes wrong.
Recovery time objective
Recovery time objective (RTO) is the maximum acceptable time that an IT system can be offline after a failure before the business is severely impacted.
Recursive lookup
A recursive lookup is a query process where a DNS resolver asks multiple DNS servers one after another until it finds the IP address for a domain name, rather than relying on pre-stored information.
Red team
A red team is a group of security professionals who simulate real-world attacks on an organization's systems, people, and facilities to test the effectiveness of its defenses.
Red-Green-Blue
Red-Green-Blue (RGB) is a color model that combines red, green, and blue light to create a wide range of colors, primarily used in digital displays and imaging systems.
Redirection
Redirection is a mechanism that sends output or input from a command or program to a different destination, such as a file, another command, or a device, instead of the default screen or keyboard.
Redis
Redis is an open-source, in-memory data structure store used as a database, cache, and message broker for high-speed data access.
Redshift
Amazon Redshift is a fully managed, petabyte-scale cloud data warehouse service that uses SQL to analyze large datasets quickly and efficiently.
Redundancy
Redundancy is the practice of adding extra components or systems so that if one fails, another can take over without interruption.
Redundant Array of Independent Disks
A technology that combines multiple physical hard drives into a single logical unit to improve performance, reliability, or both.
Reference monitor
A trusted, always-active component of a computer's operating system that enforces security policies by checking every access request to files, memory, or devices before allowing it.
Refresh token
A refresh token is a special credential used to obtain new access tokens without requiring the user to re-authenticate, enabling long-lived sessions in modern identity systems.
Regex
Regex (regular expression) is a sequence of characters that defines a search pattern, used to match, find, or manipulate text in strings.
Region
A region is a distinct geographic location where a cloud provider operates multiple data centers that are connected by low-latency networks and provide cloud services.
Region pair
A region pair is two Azure regions within the same geography that are at least 300 miles apart and are used together to provide data residency, compliance, and high availability through paired recovery and updates.
Regional
Regional refers to a deployment strategy where cloud resources are distributed across multiple geographic areas to improve availability, reduce latency, and meet compliance requirements.
Regional load balancer
A regional load balancer distributes incoming network traffic across resources located in multiple geographic regions to ensure high availability, low latency, and fault tolerance at a global scale.
Regional Persistent Disk
Regional Persistent Disk is a durable, block-level storage option in Google Cloud that automatically replicates data across two zones in a region to protect against zone failures.
Registered Jack Function 11
A modular connector standard used for Ethernet cabling, commonly known as the 8P8C connector with a specific wiring pattern for structured network wiring.
Registered Jack Function 45
An RJ45 connector is the clear plastic plug at the end of an Ethernet cable that connects computers, routers, and switches to form a wired network.
Registry
The Windows Registry is a central hierarchical database that stores configuration settings and options for the operating system, hardware, software, and user preferences.
Registry Editor
The Registry Editor is a built-in Windows tool used to view and modify the Windows Registry, a hierarchical database storing configuration settings for the operating system, applications, and hardware.
Regression
Regression is a type of machine learning algorithm that predicts a continuous numeric output based on input data, used to model relationships between variables.
Regulatory requirement
A regulatory requirement is a rule issued by a government or industry authority that organizations must follow, often to protect data, ensure safety, or maintain fair practices.
Reinforcement learning
Reinforcement learning is a machine learning approach where an agent learns to make decisions by taking actions in an environment to maximize cumulative reward.
Relational database
A relational database organizes data into tables with rows and columns, where each table relates to others using unique keys, allowing efficient storage, retrieval, and manipulation of structured information.
Relationship management
Relationship management is the process of building, maintaining, and improving connections between IT service providers and their customers or stakeholders to ensure satisfaction and alignment of services with business needs.
Release approval
A checkpoint in Azure DevOps that requires manual or automated validation before a release can proceed to a specific environment.
Release channel
A release channel is a specific track of software updates, such as stable, beta, or insider, that determines when and how users receive new features, fixes, and security patches.
Release management
Release management is the process of planning, scheduling, coordinating, and deploying software updates or changes into a production environment in a controlled and predictable way.
Release pipeline
A Release pipeline is an automated sequence of steps that takes software from code commit to production deployment, ensuring quality and consistency.
Reliability
Reliability is the measure of a system's ability to consistently perform its intended functions without failure over a specified period of time under stated conditions.
Reliability and safety
Reliability and safety in IT means that systems consistently perform their intended functions without failure and that they operate without causing harm to people, data, or the environment.
Reliability engineering
Reliability engineering is the practice of designing, testing, and maintaining systems to ensure they operate without failure for a specified period under stated conditions.
Reliability pillar
The Reliability pillar is a set of best practices in cloud architecture that ensures a system can recover from failures, scale to meet demand, and deliver consistent performance over time.
Remediation
Remediation is the process of fixing or eliminating vulnerabilities, misconfigurations, or security weaknesses in an IT environment.
Remediation recommendation
A remediation recommendation is a prioritized, actionable suggestion for fixing a security vulnerability, misconfiguration, or compliance gap identified during an assessment or scan.
Remediation script
A remediation script is an automated set of instructions that detects and fixes common IT security or configuration issues without manual intervention.
Remote Authentication Dial-in User Service
RADIUS is a network protocol that provides centralized authentication, authorization, and accounting for users trying to connect to a network service.
Remote Desktop Protocol
Remote Desktop Protocol is a technology that lets you connect to and control another computer from a different location, as if you were sitting in front of it.
Remote lock
Remote lock is a security feature that allows an administrator to lock a device from a remote location, preventing unauthorized access if the device is lost or stolen.
Remote Monitoring and Management
Remote Monitoring and Management (RMM) is a technology that allows IT professionals to monitor, manage, and maintain computer systems and networks from a distant location without being physically present.
Remote wipe
Remote wipe is a security feature that allows an administrator or user to remotely and permanently delete data from a lost or stolen device to prevent unauthorized access.
ReplicaSet and Replication
A ReplicaSet ensures a specified number of identical pod instances are running at all times in Kubernetes, using replication to maintain availability and stability.
Replication
Replication is the process of copying and synchronizing data across multiple servers or storage devices to ensure availability, reliability, and fault tolerance.
Report
A report in Azure data services is a structured output that summarizes, visualizes, or details data stored in cloud databases or data warehouses, often used for business intelligence and monitoring.
Repository
A repository is a central storage location where software packages, code, or configuration files are kept, managed, and distributed for use by IT systems.
Request unit
A request unit (RU) is a normalized measure of the computational capacity and resources needed to perform a database operation in Azure Cosmos DB.
Reserved Instance
A Reserved Instance is a billing discount applied to your usage of virtual machines or other compute resources when you commit to using a specific configuration for a one- or three-year term.
Residual risk
Residual risk is the level of risk that remains after all security controls and countermeasures have been applied.
Resilient File System
Resilient File System (ReFS) is a Microsoft file system designed to maximize data availability, resist corruption, and handle large volumes of data efficiently.
Resource
A resource is any component, service, or asset in a computing environment that can be allocated, used, or consumed to perform a task or support a process.
Resource group
A logical container in Microsoft Azure that holds related resources for an application or solution, enabling unified management, security, and billing.
Resource hierarchy
Resource hierarchy is the structured, parent-child ordering of cloud resources that governs access control, policy inheritance, and resource organization across a cloud platform.
Resource lock
A resource lock is a cloud governance feature that prevents accidental deletion or modification of critical cloud resources by applying a read-only or delete-only restriction at the resource, resource group, or subscription level.
Resource policy
A resource policy is a set of rules that controls who can access a specific cloud resource and what actions they can perform on it.
Resource pooling
Resource pooling is a cloud computing model where a provider's computing resources are shared across multiple tenants, with resources dynamically assigned and reassigned based on demand.
Resource quota
A resource quota is a cloud computing limit that restricts how much of a shared resource, like CPU time, memory, or storage, a single user or project can consume.
Resource Quotas
Resource Quotas are Kubernetes policies that limit the total amount of compute resources (like CPU and memory) that can be consumed by all containers running in a particular namespace.
Resource Requests and Limits
Resource Requests and Limits are Kubernetes settings that tell the system how much CPU and memory a container needs and how much it is allowed to use at most.
Responsible AI
A framework of ethical principles and practices that ensure artificial intelligence systems are developed and deployed in a transparent, fair, accountable, and safe manner.
REST API
A REST API is a set of rules that allows different software applications to communicate with each other over the internet using standard HTTP methods.
REST API for Network Devices
A REST API for network devices is a set of rules that allows software applications to communicate with routers, switches, and firewalls using standard web methods like GET, POST, PUT, and DELETE over HTTP or HTTPS.
RESTCONF
RESTCONF is a protocol that uses HTTP methods to manage and configure network devices, replacing older command-line methods with a modern web-based approach.
RESTCONF Protocol
RESTCONF is a protocol that uses HTTP methods to read and change network device configurations, making network automation simpler for beginners.
Restrict mode
Restrict mode is a port security violation action on a managed switch that allows the port to stay active and forward traffic for authorized devices, but discards traffic from unauthorized devices while logging the violation.
Retention label
A retention label is a tag applied to emails, documents, or files in Microsoft 365 that tells the system how long to keep the item and what to do with it when the time is up.
Retention policy
A retention policy is a set of rules that determines how long an organization keeps its data and what happens to it when the retention period expires.
Retire device
Retire device is the IT process of securely decommissioning and removing a device from an organization's network and asset inventory, ensuring data is wiped and the device is no longer managed or accessible.
Retrieval augmented generation
Retrieval augmented generation (RAG) is a technique that combines information retrieval with text generation to produce more accurate and contextually relevant answers.
Retry policy
A retry policy is a set of rules that automatically re-attempts a failed operation after a defined interval, up to a maximum number of tries.
Reverse engineering
Reverse engineering is the process of deconstructing a system, software, or hardware to understand its design, functionality, and operation, often for analysis, replication, or improvement.
Reverse proxy
A reverse proxy is a server that sits in front of one or more backend servers, intercepting client requests and forwarding them to the appropriate server, then returning the server's response to the client as if it came from the reverse proxy itself.
Reverse shell
A reverse shell is a type of remote access attack where the target machine initiates an outbound connection back to the attacker, allowing the attacker to execute commands on the compromised system.
Revolutions Per Minute
Revolutions Per Minute (RPM) measures how many full rotations a spinning component, such as a hard drive platter or a cooling fan, completes in one minute.
RFID
RFID uses radio waves to wirelessly identify and track tags attached to objects, enabling automatic data capture without line-of-sight.
RFID Hacking
RFID hacking is the practice of exploiting security weaknesses in Radio Frequency Identification systems to read, clone, or manipulate data on RFID tags without authorization.
Right-sizing
Right-sizing is the process of optimizing IT resources such as compute, memory, storage, and network capacity to match actual workload requirements, preventing both overprovisioning and underprovisioning.
RIP
RIP (Routing Information Protocol) is a distance-vector routing protocol that routers use to exchange information about network paths to determine the best route for data packets based on hop count.
RISC
RISC is a CPU design philosophy that uses a small, highly optimized set of instructions to execute operations quickly and efficiently.
Risk
Risk is the possibility that an event or action will negatively affect an organization's ability to achieve its goals, often measured in terms of likelihood and impact.
Risk acceptance
Risk acceptance is a risk management strategy where an organization acknowledges a potential risk but decides to tolerate it without taking active measures to reduce or eliminate it.
Risk appetite
Risk appetite is the amount of risk an organization is willing to accept in pursuit of its objectives, defining the boundaries for decision-making.
Risk assessment
Risk assessment is the process of identifying, analyzing, and evaluating potential threats to an organization's assets to determine the likelihood and impact of those threats, and to decide on appropriate treatment measures.
Risk avoidance
Risk avoidance is a risk management strategy that involves eliminating any activity, process, or technology that introduces a specific risk, rather than trying to reduce or accept it.
Risk management
Risk management is the process of identifying, assessing, and controlling threats to an organization's capital, earnings, and operations, including IT systems and data.
Risk Management Plan
A Risk Management Plan is a formal document that describes how a project team will identify, analyze, respond to, and monitor risks throughout the life of a project.
Risk mitigation
Risk mitigation is the process of reducing the likelihood or impact of a potential security threat to an acceptable level through specific controls and actions.
Risk rating
A risk rating is a score or label assigned to a potential security threat or vulnerability that indicates how likely it is to cause harm and how severe that harm would be.
Risk register
A risk register is a formal document that lists and tracks all identified risks to an IT project, system, or organization, including their assessed impact, probability, and planned responses.
Risk score
A risk score is a numerical value that represents the level of risk associated with a given asset, threat, or vulnerability in a security context.
Risk tolerance
Risk tolerance is the amount of risk an organization or individual is willing to accept in pursuit of its objectives, defining the boundary between acceptable and unacceptable losses.
Risk transfer
Risk transfer is the practice of shifting the financial burden of a potential loss to another party, typically through insurance or contracts.
Risk treatment
Risk treatment is the process of selecting and implementing measures to modify risk, which can include avoiding, accepting, mitigating, or transferring the risk.
Risk-based access
Risk-based access is a security model that dynamically adjusts access permissions based on the assessed risk of each access request, rather than granting a static level of access to all users.
Risk-based vulnerability management
Risk-based vulnerability management is a cybersecurity approach that prioritizes the fixing of security weaknesses based on the level of risk they pose to an organization's specific environment, rather than just addressing all vulnerabilities in the order they are found.
RJ45
RJ45 is a standardized physical connector used to plug Ethernet cables into computers, routers, switches, and other networking devices.
rmmod
rmmod is a Linux command used to remove a kernel module from the running kernel, freeing resources without requiring a system reboot.
Roadmap
A roadmap is a high-level plan that shows the major steps or milestones needed to reach a specific goal, often used in IT to map out learning paths, career progression, or project timelines.
Rogue access point
A rogue access point is an unauthorized wireless access point installed on a network without the network administrator's knowledge or permission, creating a serious security vulnerability.
Rogue AP
A Rogue Access Point is an unauthorized wireless access point connected to a network without the network administrator's permission, creating a serious security vulnerability.
ROI and NPV Analysis
ROI and NPV Analysis helps project managers compare the financial value of different projects or investments by measuring returns on money spent and the time value of money.
Role
A role is a named set of permissions that can be assigned to users or groups to control access to resources in an IT environment.
Role assignment
Role assignment is the process of granting a specific set of permissions to a user, group, or service principal so they can perform certain actions within a system.
Role Based Access Control Design
Role Based Access Control Design is the process of planning and defining who can access specific resources in a system based on their job role, not their identity.
Role group
A role group is a collection of permissions in Microsoft 365 or Azure that bundles multiple administrative roles into a single unit for easier assignment.
Rolling deployment
A rolling deployment is a software release strategy that gradually replaces old application instances with new ones across a cluster of servers, one at a time or in small batches, to ensure zero downtime and continuous service availability.
ROM
ROM (Read-Only Memory) is a type of computer memory that permanently stores important instructions needed to start up and run hardware, and its contents cannot be easily changed or erased.
ROMMON
ROMMON is the low-level firmware stored in the router's ROM that provides a minimal operating system for booting the device, password recovery, and troubleshooting when the main IOS image is missing or corrupted.
Root bridge
The root bridge is the central reference point in a Spanning Tree Protocol (STP) network, serving as the logical root of the spanning tree topology.
Root cause analysis
Root cause analysis is a systematic process used to identify the fundamental underlying cause of a problem, rather than just treating its symptoms.
Root Guard
Root Guard is a Spanning Tree Protocol (STP) feature that protects the root bridge placement on a network port to prevent unauthorized switches from becoming the root bridge.
Root port
A root port is the port on a non-root switch in a Spanning Tree Protocol network that has the lowest cost path to the root bridge.
Root user
The root user is the superuser on Linux and Unix-like systems with unrestricted permissions to execute any command and access any file on the system.
Rootkit
A rootkit is a type of malware that hides its presence and the presence of other malicious software on a computer, often by modifying the operating system itself.
Rootkit Installation
Rootkit installation is the process by which an attacker places hidden malicious software on a system to gain persistent, stealthy administrative access while avoiding detection by the operating system and security tools.
Route
A route is a path that data takes through a network from one device or network to another, determined by routing protocols and configured rules.
Route 53
Route 53 is Amazon Web Services’ cloud-based Domain Name System (DNS) web service that translates human-readable domain names into IP addresses and routes end-user requests to internet applications.
Route 53 health check
A Route 53 health check is a feature of Amazon Route 53 DNS service that monitors the availability and performance of an endpoint, such as a web server, from multiple global locations to automatically route traffic away from failures.
Route Map
A route map is a configuration tool in Cisco networking that controls how traffic is routed or manipulated by setting conditions and actions, much like a decision tree for network packets.
Route Redistribution
Route redistribution is the process of sharing routing information from one routing protocol to another within a network.
Route Redistribution Between Protocols
Route redistribution between protocols is the process of taking routes learned from one routing protocol and injecting them into another routing protocol so that networks using different protocols can communicate.
Route summarization
Route summarization is a technique that combines multiple network routes into a single, more general route advertisement to reduce the size of routing tables and improve network performance.
Route table
A route table is a set of rules, called routes, that determine where network traffic from a subnet or virtual network is directed.
Router
A router is a networking device that connects different networks together and directs data traffic between them by choosing the best path for data to travel.
Router Advertisement
A Router Advertisement is a message sent by a router on a network to inform devices about the router's presence and provide them with essential configuration information for communication.
Router ID
The Router ID is a unique 32-bit identifier assigned to a router running the OSPF routing protocol, used to distinguish it from other routers in the network.
Router-on-a-stick
A router-on-a-stick is a network configuration where a single router interface is used to route traffic between multiple VLANs by connecting to a switch through a trunk link.
Routing Information Protocol
Routing Information Protocol (RIP) is a distance-vector routing protocol that routers use to exchange information about network paths, using hop count as its metric to find the shortest route.
Routing table
A routing table is a data set stored in a router or host that contains information about network paths and is used to determine where to forward data packets.
Row
A row is a horizontal record in a database table that contains all the information about a single entity, like one customer or one product.
Row-Level Security
Row-Level Security is a database feature that restricts which rows of data a user can see based on their identity or role, acting like a custom filter per person.
RPF Check
Reverse Path Forwarding check is a security feature that helps prevent IP spoofing by verifying that a packet's source address is reachable through the interface on which it was received.
rpm
RPM Package Manager (originally Red Hat Package Manager) is a powerful command-line utility for installing, updating, removing, querying, and verifying software packages on Linux systems that use the .rpm package format.
RPO
Recovery Point Objective (RPO) is the maximum acceptable amount of data loss measured in time, defining how recent data must be to resume operations after a disruption.
RRM
Radio Resource Management is a set of Cisco wireless LAN controller algorithms that automatically manage radio frequency channels, power levels, and coverage to optimize wireless network performance and reliability.
RSA
RSA is a cryptographic algorithm that uses a pair of keys—a public key and a private key—to secure data in transit and verify identities.
RSSI
RSSI is a measurement of the power level in a received radio signal, used by wireless devices to gauge signal strength.
RSTP
RSTP (Rapid Spanning Tree Protocol) is a network protocol that quickly detects and recovers from link failures in Ethernet networks to prevent loops and ensure fast convergence.
rsync
rsync is a command-line tool that synchronizes files and directories between two locations efficiently by transferring only the differences.
RTO
Recovery Time Objective is the maximum acceptable time to restore a system or data after a disaster, defining how quickly normal operations must resume.
RTP
RTP is a network protocol for delivering audio and video over IP networks in real time, supporting streaming media applications.
RTP
RTP is a network protocol for delivering audio and video over IP networks in real time, with sequencing and timing but no retransmission.
RU
RU stands for Request Unit, a measure of throughput in Azure Cosmos DB that represents the amount of database operations a request consumes.
Rule priority
Rule priority is the order in which a system applies conflicting rules, with higher priority rules overriding lower priority ones to determine the final outcome.
Rule-based access control
Rule-based access control (RuBAC) is a method of managing access to resources by evaluating a set of predefined rules that combine conditions such as time, location, device, and user attributes to allow or deny access.
Rules of engagement
Rules of engagement are the documented guidelines that define the scope, boundaries, and authorized actions a security tester may take during a penetration test or security assessment.
Run command
The Run command is a built-in feature in Windows operating systems that allows you to quickly open programs, files, folders, and system tools by typing a specific command or path directly into a small dialog box.
Runbook
A runbook is a documented set of step-by-step procedures that IT teams use to handle routine operations, incidents, and maintenance tasks consistently and efficiently.
Runlevel
A runlevel is a software configuration of a Unix-like operating system that defines which system services are running, essentially setting the system's operational state.
RX
RX (Receive / Receiver) is the signal path or hardware component that accepts incoming data from a network medium.
S3
Amazon Simple Storage Service (S3) is a highly scalable, secure, and durable object storage service in the cloud, used to store and retrieve any amount of data from anywhere on the web.
S3 bucket
An S3 bucket is a container in Amazon Web Services that holds objects like files, images, and videos, allowing you to store and retrieve any amount of data from anywhere on the internet.
S3 bucket policy
An S3 bucket policy is a JSON-based resource-based access control document that defines who can access an Amazon S3 bucket and its objects, and what actions they can perform.
S3 event notification
S3 event notification is an AWS feature that automatically sends a message to a destination service when a specific event occurs in an Amazon S3 bucket.
S3 Glacier
Amazon S3 Glacier is a secure, durable, and extremely low-cost cloud storage service designed for long-term data archiving and backup, where data is rarely accessed but must be retained for months or years.
S3 lifecycle policy
An S3 lifecycle policy is a set of rules that automatically transitions objects between storage classes or deletes them after a specified time to optimize cost and manage data lifecycles.
S3 Object Lock
S3 Object Lock is an AWS feature that allows you to set a retention period or a legal hold on objects in Amazon S3 to prevent them from being deleted or overwritten.
S3 replication
S3 replication automatically copies objects from one Amazon S3 bucket to another to improve data durability, availability, or compliance.
S3 storage class
S3 storage classes are categories of data storage in Amazon S3 that determine availability, durability, retrieval time, and cost based on how often and how quickly you need to access your data.
S3 versioning
S3 versioning is an Amazon S3 feature that keeps multiple versions of an object in a bucket, so you can recover from accidental deletion or overwrite.
SaaS
Software as a Service (SaaS) is a cloud computing model where you use software over the internet without installing it on your own computer.
Safe Attachments
Safe Attachments is a Microsoft Defender for Office 365 feature that opens email attachments in a virtual sandbox to detect and block malicious content before they reach your inbox.
Safe Links
Safe Links is a Microsoft Defender for Office 365 feature that scans URLs in emails and documents in real time to protect users from malicious websites.
Safe Mode
Safe Mode is a diagnostic startup mode in operating systems that loads only essential drivers and services, allowing users to troubleshoot and fix problems caused by non-critical software or hardware.
Safeguard
A safeguard is a control, measure, or action designed to protect an organization's assets from threats, vulnerabilities, and risks.
Safety data sheet
A safety data sheet (SDS) is a document that lists the hazards, handling, storage, and emergency procedures for a chemical substance, required in workplaces including IT environments.
Salting
Salting is the process of adding a unique, random string of data to each password before it is hashed, so that even identical passwords produce completely different hash values.
SAM
SAM stands for Source Account Mapping, a process in CI/CD and monitoring that links source code changes to specific user accounts for tracking and security.
Same-Region Replication
Same-Region Replication is the automatic, asynchronous copying of data between storage systems within the same geographic region to provide durability and availability.
SAML
Security Assertion Markup Language (SAML) is an open standard that allows one system to securely tell another system that a user is who they say they are, without sharing the user's password.
SAN
A dedicated, high-speed network that provides block-level storage access to servers, making storage appear as locally attached drives.
Sandbox
A sandbox is an isolated environment where you can run software or test code without affecting the rest of your system.
Sandbox analysis
Sandbox analysis is a security technique where suspicious files or code are executed in an isolated, controlled environment to observe their behavior without risking harm to the live network.
SAS
SAS (Serial Attached SCSI) is a high-speed data transfer technology used to connect hard drives and SSDs in servers and enterprise storage systems.
SASE
SASE (Secure Access Service Edge) is a network architecture that combines wide-area networking (WAN) and security services into a single, cloud-delivered platform.
SAST
Static Application Security Testing is a white-box method of analyzing source code, bytecode, or compiled binaries for security vulnerabilities without executing the program.
SATA
SATA (Serial ATA) is an interface standard used to connect storage devices like hard drives and solid-state drives to a computer's motherboard.
Satellite internet
Satellite internet is a type of internet connection that uses satellites orbiting the Earth to send and receive data, allowing users in remote or rural areas to get online.
Savings Plan
A flexible pricing model from cloud providers that gives you discounted rates on compute usage in exchange for a commitment to a consistent amount of spending over a one- or three-year term.
SBOM
An SBOM is a formal, machine-readable inventory of all software components and dependencies used in a software application or system.
SC
SC (Subscriber Connector) is a snap-in fiber optic connector with a square, push-pull coupling mechanism used for high-density data and telecom networks.
SCA
SCA (Software Composition Analysis) is a security testing method that automatically identifies open-source components, libraries, and dependencies in software to find known vulnerabilities and license compliance issues.
SCADA
SCADA is an industrial control system that monitors and controls infrastructure processes like power grids, water treatment, and pipelines.
Scalability
Scalability is the ability of a system, network, or process to handle a growing amount of work by adding resources, either by making the existing resources more powerful (vertical scaling) or by adding more resources (horizontal scaling).
Scanner
A scanner is a device that captures physical documents or images and converts them into digital data for computer storage, editing, or transmission.
Scheduled scaling
Scheduled scaling is a cloud computing strategy that automatically adjusts computing resources based on a predefined time schedule to match predictable workload patterns.
Schema
A schema is a blueprint or logical structure that defines how data is organized, stored, and accessed in a database or information system.
Scope
In IT, scope defines the boundaries, goals, and deliverables of a project, assessment, or engagement, specifying what is included and what is excluded.
Scope creep
Scope creep is the gradual, unplanned expansion of a project's objectives and deliverables beyond its original requirements, often leading to budget overruns, missed deadlines, and compromised quality.
SCP
SCP (Secure Copy Protocol) is a network protocol used to securely transfer files between computers over an encrypted SSH connection.
Screen lock
A security feature that prevents unauthorized access to a mobile device by requiring a specific action or credential to unlock the screen.
Screen replacement
Screen replacement is the process of removing a damaged or defective display from a mobile device and installing a new, working screen.
Screened subnet
A screened subnet is a network architecture that places a buffer network, often called a DMZ, between an internal trusted network and an external untrusted network, using two firewalls to control traffic.
Scrum Methodology
Scrum is a lightweight process framework that helps teams deliver complex projects in small, iterative chunks called sprints.
SCTP
SCTP is a reliable, message-oriented transport protocol that combines TCP's reliability with UDP's message boundaries and adds multi-homing and multi-streaming.
SD-WAN
SD-WAN is a software-defined approach to managing wide-area networks that improves performance, lowers cost, and simplifies connectivity between branch offices and data centers.
SDLC
The Software Development Life Cycle (SDLC) is a structured process used by IT teams to plan, create, test, and deploy software in a reliable and organized way.
SDN
Software-Defined Networking (SDN) is an approach to network management that separates the control plane (decision-making) from the data plane (traffic forwarding), allowing centralized, programmable network control.
SDS
SDS (Software-Defined Storage) is a storage architecture that separates storage software from underlying hardware, allowing centralized management and flexible allocation of storage resources.
Seamless SSO
Seamless SSO is a technology that lets you sign into multiple applications automatically after logging in once, without being prompted for credentials again.
Search index
A search index is a data structure that stores a mapping of content to locations, enabling fast and efficient information retrieval in search systems.
Seccomp Profiles
Seccomp profiles are security filters that restrict which system calls a containerized application can make to the Linux kernel, reducing the attack surface.
Secret Manager
A Secret Manager is a centralized tool that securely stores, manages, and controls access to sensitive information like passwords, API keys, and certificates, often automating their rotation and injection into applications.
Secret Usage
Secret Usage is the practice of storing and using sensitive information like passwords, API keys, and certificates in Kubernetes so that only authorized pods and containers can access them.
Secrets management
Secrets management is the practice of securely storing, controlling access to, and regularly rotating sensitive credentials like passwords, API keys, and certificates used by applications and services.
Secrets Management
Secrets Management is the practice of securely storing, accessing, and rotating sensitive information like passwords, API keys, and certificates in a controlled and automated way.
Secrets Manager
AWS Secrets Manager is a fully managed service that helps you protect access to your applications, services, and IT resources by securely storing, rotating, and controlling access to secrets like database passwords, API keys, and credentials.
Secrets scanning
Secrets scanning is the automated process of detecting accidentally exposed sensitive information, such as passwords, API keys, and tokens, in code repositories and other digital environments.
Secure Access Service Edge
Secure Access Service Edge (SASE) is a cloud-based security framework that combines network connectivity and security services into a single, unified service to protect users and devices wherever they are.
Secure boot
Secure Boot is a security feature that ensures a device starts up using only trusted software that is digitally signed by the manufacturer.
Secure by design
Secure by design means building security into a system from the very beginning of its creation, instead of trying to add it later as an afterthought.
Secure coding
Secure coding is the practice of writing software in a way that protects it from vulnerabilities and attacks by following security best practices throughout the development process.
Secure defaults
Secure defaults means that a system or software is shipped with the most secure settings already enabled, so the user does not have to harden the system themselves.
Secure Digital
Secure Digital (SD) is a small, removable flash memory card used to store data in devices like cameras, smartphones, and laptops.
Secure disposal
Secure disposal is the process of permanently destroying or sanitizing data storage media so that the data cannot be recovered or reconstructed by any means.
Secure enclave
A secure enclave is a dedicated, isolated hardware component within a processor that protects sensitive data and code from unauthorized access, even if the main operating system is compromised.
Secure file
A secure file is a protected file stored in Azure DevOps that holds sensitive information like certificates or signing keys, accessible only to authorized pipelines and users.
Secure Score
Secure Score is a measurement tool in Microsoft 365 that shows how secure your organization is based on the security features you have enabled and configured.
Secure Shell
Secure Shell (SSH) is a network protocol that provides a secure, encrypted way to access and manage remote computers over an unsecured network.
Secure Sockets Layer
Secure Sockets Layer is a cryptographic protocol that encrypts data transmitted between a web browser and a server to protect it from eavesdropping and tampering.
Secure web gateway
A secure web gateway (SWG) is a security solution that protects users and organizations from web-based threats by filtering internet traffic, enforcing security policies, and blocking access to malicious or unauthorized websites.
Security
Security in IT is the practice of protecting systems, networks, and data from unauthorized access, damage, or theft.
Security Assertion Markup Language
Security Assertion Markup Language is an open standard that allows different computer systems to securely share authentication and authorization information about a user.
Security assessment
A security assessment is a systematic evaluation of an organization’s systems, networks, and applications to identify vulnerabilities, threats, and risks, and to recommend improvements.
Security awareness
Security awareness is the ongoing practice of educating people within an organization about cybersecurity risks, safe behaviors, and their individual responsibilities to protect information assets.
Security baseline
A security baseline is a documented minimum set of security configurations and settings that must be applied to a system, device, or network to ensure a known secure starting point.
Security Command Center
Security Command Center is a centralized cloud security management platform that helps organizations detect, investigate, and respond to threats across their cloud infrastructure.
Security control
A security control is a safeguard or countermeasure designed to protect the confidentiality, integrity, and availability of information systems and data.
Security defaults
Security defaults is a set of basic security settings in Microsoft Entra ID that automatically enables common protections like multifactor authentication for all users in a tenant.
Security governance
Security governance is the framework of rules, policies, and processes that an organization uses to align its cybersecurity activities with its business goals and legal obligations.
Security Governance Framework
A security governance framework is a set of rules, roles, and processes that guide how an organization manages and protects its information and technology systems.
Security group
A security group is a virtual firewall that controls inbound and outbound traffic to AWS resources, such as EC2 instances, based on defined rules.
Security Hub
Security Hub is a cloud security posture management service that aggregates and prioritizes security alerts and compliance checks from multiple AWS services into a single place.
Security Information and Event Management
A system that collects, analyzes, and reports on security data from across an IT environment to detect and respond to threats.
Security kernel
The security kernel is the core, trusted part of an operating system that enforces access control and security policies for all system operations.
Security misconfiguration
Security misconfiguration occurs when security settings are defined, implemented, or maintained incorrectly, leaving systems, applications, or networks vulnerable to unauthorized access or data breaches.
Security model
A security model is a formal framework that defines how subjects (users, processes) can access objects (files, resources) based on rules, ensuring confidentiality, integrity, and availability.
Security operations center
A Security Operations Center (SOC) is a centralized team and facility that monitors, detects, analyzes, and responds to cybersecurity incidents across an organization's IT environment 24/7.
Security pillar
The Security pillar is a set of best practices for designing and operating cloud systems that protect data, systems, and assets through confidentiality, integrity, and availability controls.
Security policy
A security policy is a formal set of rules and guidelines that an organization establishes to protect its information assets and technology resources.
Security posture
An organization's overall cybersecurity strength, including policies, controls, and readiness to defend against and respond to threats.
Security recommendation
A security recommendation is a prescribed action, configuration, or update that aims to reduce risk and protect systems, data, and users from known threats or vulnerabilities.
Security strategy
A security strategy is a high-level plan that outlines how an organization protects its information assets, aligns security with business goals, and manages risk over time.
Security update
A security update is a software patch released to fix a vulnerability that could be exploited by attackers to compromise a system.
sed
sed is a stream editor used in Unix and Linux to perform basic text transformations on an input stream, such as finding and replacing text, deleting lines, or inserting content.
Segment
A segment is a division of a larger network, such as a collision domain, broadcast domain, or a portion of a TCP data stream, used to organize traffic and improve performance.
Self-hosted agent
A self-hosted agent is a software component that you install and manage on your own infrastructure to run automated tasks for a CI/CD or DevOps platform.
Self-monitoring Analysis and Reporting Technology
Self-monitoring Analysis and Reporting Technology (SMART) is a monitoring system built into hard drives and solid-state drives that detects and reports on various indicators of drive reliability to predict potential failures before they occur.
Self-service password reset
Self-service password reset (SSPR) is a Microsoft identity feature that allows users to reset their own passwords without needing help from an IT helpdesk.
SELinux
SELinux (Security-Enhanced Linux) is a mandatory access control (MAC) security mechanism built into the Linux kernel that enforces policies to restrict how processes and users interact with files, devices, and system resources.
Semantic search
Semantic search is a search method that understands the intent and contextual meaning of a user's query, rather than just matching exact keywords.
Semi-Annual Enterprise Channel
The Semi-Annual Enterprise Channel is a Microsoft update servicing option for Windows 10 and Windows 11 that delivers feature updates twice per year, designed for organizations that need a balance between new features and stability.
Semi-structured data
Semi-structured data is information that has some organizational tags or markers but does not fit into a strict table format like a spreadsheet row and column.
Sender Policy Framework
Sender Policy Framework (SPF) is an email authentication method that prevents spammers from sending emails that appear to come from your domain by listing which servers are allowed to send email for that domain.
Sensitivity label
A sensitivity label is a metadata tag applied to digital content that classifies the content's level of confidentiality and governs how it can be shared, protected, and accessed.
Sentiment analysis
Sentiment analysis is a natural language processing technique that uses machine learning to determine the emotional tone or opinion expressed in a piece of text.
Separation of duties
Separation of duties is a security principle that splits critical tasks and privileges among multiple people to prevent fraud, errors, and abuse of power.
Serial Advanced Technology Attachment
Serial Advanced Technology Attachment (SATA) is a computer bus interface used to connect storage devices like hard drives and solid-state drives to a computer's motherboard.
Serial Attached SCSI
Serial Attached SCSI (SAS) is a fast, reliable interface used to connect and transfer data between hard drives or SSDs and a computer system, commonly found in enterprise servers.
Serial Communications D-Shell Connector 9 pins
A 9-pin D-shaped connector used for serial communication between devices like computers, modems, and networking equipment.
Serial console
A serial console is a direct, low-level connection to a computer or network device that uses a serial port to let you send commands and receive text output, often for initial setup or emergency troubleshooting.
Serverless
Serverless is a cloud computing model where the cloud provider manages the servers, and you only pay for the actual compute time your code uses, without having to worry about provisioning or maintaining infrastructure.
Serverless architecture
Serverless architecture is a cloud computing model where the cloud provider automatically manages the infrastructure, allowing developers to build and run applications without thinking about servers.
Serverless computing
Serverless computing is a cloud execution model where the cloud provider dynamically manages the allocation and provisioning of servers, allowing developers to write and deploy code without thinking about the underlying infrastructure.
Serverless function
A serverless function is a single-purpose piece of code that runs in the cloud only when triggered, without you managing any servers.
Serverless security
Serverless security is the practice of protecting applications that run on serverless computing platforms, where the cloud provider manages the infrastructure and the customer is responsible for securing the code, data, and access controls.
Serverless SQL pool
Serverless SQL pool is an on-demand, pay-per-query analytics service in Azure that lets you query data stored in data lakes without provisioning or managing any dedicated infrastructure.
Service
A service is a software component or system that performs a specific function and is available to be used by other programs or users over a network.
Service account
A service account is a special type of account used by an application or a virtual machine, rather than a human user, to authenticate and interact with cloud services and APIs securely.
Service Account Hardening
Service Account Hardening is the set of security practices to restrict and protect Kubernetes service accounts from unauthorized access or misuse.
Service account key
A service account key is a credential file used to authenticate and authorize a non-human user, like an application or a virtual machine, to access Google Cloud resources.
Service configuration management
Service configuration management is the practice of identifying, controlling, and maintaining information about the components (configuration items) that make up an IT service, ensuring that accurate and current data is always available.
Service connection
A service connection in Azure DevOps is a secure, configurable link that allows your pipelines to authenticate and interact with external services like Azure, GitHub, or on-premises servers.
Service consumer
A service consumer is an entity, such as a person, department, or organization, that uses an IT service provided by a service provider.
Service consumption
Service consumption is the process by which users or systems access, use, and pay for IT services according to defined agreements and usage metrics.
Service Control Policy
A Service Control Policy (SCP) is a centralized governance tool in AWS Organizations that allows you to define and enforce maximum permissions for all accounts in an organization, acting as a security guardrail that limits what actions principals can perform.
Service desk
A service desk is a single point of contact between IT and users for handling incidents, service requests, and communication.
Service discovery
Service discovery is the process by which networked services automatically locate each other to communicate, without needing manual configuration of network addresses.
Service endpoint
A service endpoint is a specific network address (URL or IP/port) that client applications use to access the functionality or data of a cloud or web service.
Service Enumeration
Service enumeration is the process of actively connecting to a target system to identify running services, open ports, and detailed information about those services for security assessment.
Service failure
A service failure is an interruption or degradation of a software application, system, or network component that prevents it from delivering its intended function to users or other systems.
Service Health
Service Health is a monitoring feature in Microsoft 365 and Azure that provides real-time and historical status of cloud services, including outages, advisories, and incidents.
Service Level Agreement
A service level agreement (SLA) is a documented contract that defines the specific level of service a provider guarantees to a customer, including performance metrics, responsibilities, and remedies for failures.
Service level management
Service level management is the IT practice of defining, monitoring, and improving the quality and performance of IT services to meet agreed-upon targets with customers.
Service management practice
A structured set of organizational capabilities for delivering and managing IT services to meet customer needs and business outcomes.
Service Mesh
A service mesh is a dedicated infrastructure layer that manages communication between microservices, handling tasks like service discovery, load balancing, encryption, and observability without requiring changes to application code.
Service offering
A service offering is a clearly defined set of IT services, capabilities, and deliverables that an organization provides to its customers, described in a catalog with specific terms, costs, and service levels.
Service plan
A service plan is a prepaid subscription or agreement that defines the level of support, features, and services a customer receives for a product or service, commonly used for software, cloud services, and IT support.
Service principal
A service principal is an identity created for an application or automated tool to access cloud resources securely without using a human user account.
Service provider
A service provider is an organization or person that delivers value to customers by facilitating outcomes they want to achieve without taking on specific costs and risks.
Service provision
Service provision is the process of delivering and supporting an IT service to end users, ensuring it meets agreed-upon quality and availability levels.
Service relationship
A service relationship is the formal connection between a service provider and a service consumer that governs how a service is delivered, used, and managed.
Service relationship management
Service relationship management is the practice of coordinating and overseeing the interactions between IT service providers and their customers to ensure value is co-created and delivered effectively.
Service request management
Service request management is the practice of handling standardized, pre-defined user requests for information, access, or changes that follow an approved and low-risk procedure.
Service Set Identifier
A Service Set Identifier (SSID) is the public name of a Wi-Fi network that devices use to identify and connect to it.
Service Trust Portal
The Service Trust Portal is a Microsoft website that gives IT professionals and auditors access to compliance documentation, audit reports, and security information about Microsoft cloud services.
Service value chain
A Service value chain is an operating model that outlines the key activities needed to create, deliver, and improve IT services, turning demand into value for customers.
Service value system
The Service value system (SVS) is a modular ITIL 4 framework that describes how all components and activities of an organization work together as a system to enable value creation through IT-enabled services.
ServiceAccount
A ServiceAccount is a Kubernetes identity used by pods to authenticate and authorize API requests to the Kubernetes cluster.
Services console
A management interface in network operating systems or cloud platforms that provides centralised control over system services and daemons.
Session
A session is a temporary, managed connection between a user and a system that tracks activity and state across multiple interactions until the user logs out or the session ends.
Session Hijacking
Session hijacking is an attack where a cybercriminal steals or takes over a user's active session with a web application, allowing the attacker to pretend to be that user without needing their password.
Session Initiation Protocol
Session Initiation Protocol (SIP) is a signaling protocol used to start, maintain, and end voice and video calls over IP networks.
Session Manager
A Session Manager is a tool or service that starts, oversees, and ends user sessions on a computer or network, ensuring that each user's activities are kept separate and secure.
Session token
A session token is a unique identifier generated by a server that allows a user to remain authenticated without re-entering their credentials during a single browsing session.
setfacl
setfacl is a Linux/Unix command used to set Access Control Lists on files and directories, providing more detailed permission control beyond the standard owner-group-others model.
Settings app
The Settings app is the central graphical interface in Windows and other operating systems that lets users view and change system configurations, manage hardware, update software, and control user preferences.
Settings catalog
A centralized repository in Microsoft Intune that provides a single, searchable list of all configurable device settings for Windows, macOS, iOS, and Android devices.
sFlow
sFlow is a network monitoring technology that samples packets and exports traffic statistics to a central collector for analyzing network performance and security.
SFP
SFP (Small Form-factor Pluggable) is a compact, hot-swappable transceiver that connects a network device to fiber optic or copper cabling for data transmission.
SFP+
SFP+ is an enhanced version of the Small Form-factor Pluggable transceiver that supports data rates up to 16 Gbps, commonly used for 10 Gigabit Ethernet and Fibre Channel connections in enterprise networking.
SFTP
SFTP (SSH File Transfer Protocol) is a secure method for transferring files over a network using an encrypted SSH connection.
SFTP
SFTP (Secure File Transfer Protocol) is a network protocol that provides secure file transfer over SSH, encrypting both commands and data.
SGACL
SGACL stands for Security Group Access Control List, a Cisco technology that controls network traffic based on the security group membership of the source and destination devices rather than IP addresses.
SGID
SGID stands for Set Group ID, a Unix/Linux file permission that allows a process or executable to run with the group privileges of the file's group owner, not the user who runs it.
SHA-256
SHA-256 is a cryptographic hash function that takes any input data and produces a fixed 256-bit string of characters, like a unique digital fingerprint, used to verify data integrity and secure passwords.
SHA-3
SHA-3 is the latest member of the Secure Hash Algorithm family, a standardized cryptographic hash function used to ensure data integrity and authenticity in IT systems.
Shard
A shard is a horizontal partition of data in a database or storage system, where each shard holds a subset of the total data and operates independently to distribute load.
Shared access
Shared access is a permission model where multiple users, systems, or services are granted common access rights to a resource such as a file, database, network drive, or cloud storage.
Shared access signature
A shared access signature (SAS) is a secure, time-limited URL that grants granular access to specific resources in cloud storage, allowing you to delegate permissions without sharing your account keys.
Shared Access Signatures
A Shared Access Signature (SAS) is a secure token that grants limited, time-bound access to specific Azure Storage resources without exposing your account key.
Shared account
A shared account is a user account that is used by multiple people instead of being assigned to a single individual.
Shared mailbox
A shared mailbox is a mailbox that multiple people can use to read and send email from a common email address, managed without individual user licenses in some systems.
Shared resources
Shared resources are computing assets like storage, memory, or network bandwidth that multiple users or systems can access simultaneously from a common pool.
Shared responsibility
Shared responsibility is a cloud security model where the cloud provider and the customer each own distinct parts of security and compliance duties.
Shared responsibility model
The shared responsibility model is a framework that defines which security and compliance tasks are handled by the cloud provider and which are handled by the customer.
Shared secret
A shared secret is a piece of data, like a password or cryptographic key, known only to the parties involved in a secure communication, used to verify identity and protect information.
Shared VPC
A Shared VPC allows multiple projects or accounts within a cloud environment to use the same Virtual Private Cloud (VPC) network, enabling centralized management and isolation of resources.
SharePoint admin center
The SharePoint admin center is the web-based control panel where IT administrators manage SharePoint Online settings, site collections, user permissions, and storage across an organization's Microsoft 365 environment.
SharePoint Online
SharePoint Online is a cloud-based collaboration platform from Microsoft that lets teams create, store, organize, and share content securely from anywhere.
SharePoint role
A SharePoint role is a set of permissions that controls what a user or group can do within a SharePoint environment, such as viewing, editing, or managing content and settings.
SharePoint site
A SharePoint site is a web-based collaboration space within Microsoft SharePoint that allows teams to store, organize, share, and manage content, documents, and information.
Shell
A shell is a computer program that provides a user interface to access an operating system's services, typically by accepting text commands.
Shellcode
Shellcode is a small piece of code used as a payload in the exploitation of a software vulnerability, typically giving an attacker a command shell on the target machine.
Shield
A shield in IT networking is a conductive layer around a cable or device that blocks electromagnetic interference to protect signal integrity.
Shielded Twisted Pair
Shielded Twisted Pair (STP) is a type of copper cabling that uses a metallic shield around twisted wire pairs to reduce electromagnetic interference and protect data signals.
Shielded VM
A Shielded VM is a Google Cloud virtual machine with enhanced security features that protect against rootkits and boot-level malware by verifying the integrity of the boot process and firmware.
Shift left security
Shift left security is the practice of integrating security testing and controls earlier in the software development lifecycle, rather than waiting until after deployment.
Shodan
Shodan is a search engine that lets you find specific types of internet-connected devices, such as webcams, routers, and servers, by scanning the internet and indexing their services and banners.
Short Message Service
Short Message Service (SMS) is a text messaging service that allows short messages to be sent between mobile phones, pagers, and other devices using standardized communication protocols.
Shoulder surfing
A social engineering attack where an attacker observes a victim's screen or keyboard to steal passwords or sensitive information.
Shutdown mode
Shutdown mode is a port security state on a switch port that disables the port when a security violation occurs, such as when an unauthorized device attempts to connect.
Side-channel attack
A side-channel attack is a type of security exploit that gathers information from a system by observing its physical or secondary outputs—such as timing, power consumption, or electromagnetic emissions—rather than directly attacking the software or cryptographic algorithm.
Side-loading
Side-loading is the process of installing software on a mobile device from a source other than the official app store.
Sidecar Containers
A sidecar container is a secondary container that runs alongside a primary application container in the same Kubernetes pod, providing supporting functionality without altering the main application.
SIEM
SIEM (Security Information and Event Management) is a system that collects and analyzes log data from across an IT environment to detect and respond to security threats in real time.
SIEM and SOAR Design
SIEM and SOAR Design is the practice of planning and building systems that collect, analyze, and automatically respond to security alerts across an organization's network and cloud environment.
SIEM query
A SIEM query is a search command used in a Security Information and Event Management system to find, filter, and analyze security-related log data from across an organization's IT environment.
Sigma rule
A Sigma rule is a generic, YAML-based detection rule format used in cybersecurity to describe suspicious activities in a way that can be easily shared and converted for use across different security information and event management (SIEM) systems.
SignalR Service
Azure SignalR Service is a managed platform that enables real-time web functionality, like live messaging or updates, between servers and clients without the client having to constantly ask for new data.
Signed URL
A Signed URL is a time-limited, authenticated web link that grants temporary access to a private resource without requiring the user to log in.
Silver ticket
A forged Kerberos service ticket that grants access to a specific service in a Windows domain without requiring the user's password.
SIM
A SIM (Subscriber Identity Module) is a smart card that securely stores the international mobile subscriber identity (IMSI) and related key used to identify and authenticate a subscriber on mobile networks.
SIM card
A SIM card is a small, removable chip in mobile devices that securely stores the subscriber identity to connect to a cellular network.
Simple Mail Transfer Protocol
Simple Mail Transfer Protocol (SMTP) is the standard internet protocol used for sending and relaying email messages from a client to a server or between servers.
Simple Mail Transfer Protocol Secure
SMTPS is a secure version of the Simple Mail Transfer Protocol that uses encryption to protect email messages during transmission between email servers.
Single sign-on
Single sign-on (SSO) is an authentication method that allows a user to log in once and gain access to multiple applications or systems without re-entering credentials.
Single-mode fiber
Single-mode fiber is a type of optical fiber used in high-speed, long-distance networking that transmits a single light signal along a very thin core, minimizing signal loss and enabling data to travel many kilometers without repeaters.
SIP
SIP is a signaling protocol used to initiate, maintain, and terminate real-time communication sessions like voice and video calls over IP networks.
Site Recovery
Site Recovery is the process of restoring IT infrastructure and data at a different physical location after a disaster to keep business operations running.
Site-to-Site VPN Troubleshooting
The process of identifying and fixing problems in a permanent encrypted tunnel that connects two separate office networks over the internet.
Skillset
A skillset is the collection of technical abilities, knowledge, and competencies required to perform a specific IT role or pass a certification exam.
SLA
A Service Level Agreement (SLA) is a contract between a service provider and a customer that defines the level of service expected, including metrics like uptime, response time, and penalties for non-compliance.
SLAAC
SLAAC (Stateless Address Autoconfiguration) is a method that allows an IPv6 device to automatically generate its own IP address without needing a centralized server like DHCP.
SLE
SLE (Single Loss Expectancy) is the monetary loss expected each time a specific risk event occurs, calculated as asset value times exposure factor.
SLI
An SLI (Service Level Indicator) is a carefully chosen metric that measures one specific aspect of a service's performance, such as request latency or error rate, to help determine whether the service is meeting its reliability goals.
SLO
A Service Level Objective is a measurable target for a specific aspect of a service's performance or reliability that a team commits to meeting over a defined period.
Slow performance
Slow performance means a computer, application, or network takes longer than expected to complete tasks, often due to resource limits, software conflicts, or hardware degradation.
Small Computer System Interface
Small Computer System Interface (SCSI) is a set of standards for connecting and transferring data between computers and peripheral devices like hard drives, scanners, and tape drives.
Small Form-factor Pluggable
A Small Form-factor Pluggable (SFP) is a compact, hot-swappable transceiver module used to connect networking devices to fiber optic or copper cables, converting electrical signals into light signals for data transmission.
Small Outline Dual In-line Memory Module
A compact version of a standard RAM stick, mainly used in laptops and small form factor computers to provide system memory.
Smart jack
A Smart jack is a network interface device that regenerates, monitors, and troubleshoots digital signals between a service provider and customer equipment, often used with T1 or fiber lines.
Smartphone
A smartphone is a handheld mobile device that combines cellular communication with computing capabilities, running an operating system that supports third-party applications, internet connectivity, and a touchscreen interface.
SMB
SMB is a network file-sharing protocol that allows applications to read, write, and request services from server programs in a computer network.
SMB
SMB (Server Message Block) is a network protocol used primarily for sharing files, printers, and other resources between computers over a local network.
Smishing
Smishing is a social engineering attack that uses deceptive text messages to trick recipients into revealing sensitive information or installing malware.
SMTP
SMTP (Simple Mail Transfer Protocol) is the standard internet protocol used to send emails from a client to a server or between email servers.
SMTPS
SMTPS (SMTP Secure) is a method for securing SMTP email transmission using TLS or SSL encryption, typically over port 465.
snap
Snap is a software package management system that bundles applications with their dependencies into isolated packages for secure, cross-distribution Linux deployment.
Snapshot
A snapshot is a point-in-time copy of a system's data or state, used for backup, recovery, or testing without disrupting the original.
SNMP
SNMP (Simple Network Management Protocol) is an application-layer protocol used to collect and organize information about managed devices on IP networks and to modify that information to change device behavior.
SNMP
A network protocol used to collect and organize information about managed devices on IP networks and to modify that information to change device behavior.
SNMP Enumeration
SNMP Enumeration is the process of querying a device's Simple Network Management Protocol service to extract information about its configuration, running processes, user accounts, and network connections.
SNMPv3
SNMPv3 is a network management protocol with strong security features like encryption and authentication, used to monitor and configure devices such as routers and switches.
SNMPv3 Configuration
SNMPv3 configuration is the process of setting up the third version of the Simple Network Management Protocol on network devices to securely monitor and manage them using authentication and encryption.
SNS
Amazon Simple Notification Service (SNS) is a managed service that sends messages—like email, SMS, or push notifications—from one source to many subscribers at once.
SO-DIMM
SO-DIMM is a compact memory module used in laptops, small form factor PCs, and other space-constrained devices to provide system RAM.
SOA
An SOA record is a DNS resource record that specifies authoritative information about a DNS zone, including the primary nameserver and administrator email.
SOAR
SOAR (Security Orchestration, Automation, and Response) is a technology stack that helps security teams automate responses to threats by integrating various security tools and standardizing workflows.
SOAR playbook
A SOAR playbook is a documented, step-by-step guide that automates and orchestrates security incident response actions within a Security Orchestration, Automation, and Response platform.
SOC
A Security Operations Center (SOC) is a centralized team that monitors, detects, analyzes, and responds to cybersecurity incidents to protect an organization's information systems.
SOC Architecture
SOC Architecture is the structured design of people, processes, and technology in a Security Operations Center to detect, analyze, and respond to cyber threats.
Social engineering
Social engineering is the psychological manipulation of people into divulging confidential information or performing actions that compromise security.
Social Engineering Attacks
Social engineering attacks are psychological tricks that manipulate people into revealing confidential information or performing actions that compromise security.
Social Engineering Recon
Social Engineering Recon is the phase where an attacker gathers information about a target by manipulating people, not computers, to reveal secrets or access.
Soft delete
A soft delete marks data as deleted without actually removing it from the database, allowing recovery if needed.
Software as a Service
Software as a Service (SaaS) is a cloud computing model where users access software applications over the internet on a subscription basis, without installing or maintaining the software locally.
Software testing
Software testing is the process of checking whether a software application works correctly, meets requirements, and is free of defects before it is released to users.
Software-defined Network
A software-defined network (SDN) is a networking approach that separates the control plane (how traffic is directed) from the data plane (where traffic moves), allowing network administrators to manage and optimize traffic flow centrally through software instead of relying on individual hardware switches and routers.
Software-defined Wide Area Network
A Software-defined Wide Area Network (SD-WAN) is a virtual network architecture that uses software to manage and optimize the connections between branch offices and data centers across a wide geographic area.
SOHO
A SOHO is a small network, typically in a home or small business, using consumer-grade equipment to share internet and local resources.
SOHO Router Configuration
SOHO Router Configuration is the process of setting up a small office or home office router to connect devices to the internet and manage network security.
Sole-tenant node
A physical Compute Engine server that is dedicated solely to your project, ensuring that no other customer's virtual machines (VMs) run on that same hardware.
Solid-state Drive
A solid-state drive (SSD) is a storage device that uses flash memory to save data permanently, with no moving parts, making it much faster and more durable than a traditional hard disk drive.
sort
Sort is the process of arranging data in a specified order, typically alphabetically or numerically, to make it easier to search, analyze, or display.
Sort key
A sort key is a field or attribute used to determine the order in which data items are arranged within a database or storage system, often in combination with a partition key.
Southbound API
A southbound API is an interface that allows a network controller or orchestrator to communicate with and manage the physical or virtual network devices beneath it, like switches, routers, and firewalls.
Sovereign region
A sovereign region is a physically and logically separate set of cloud data centers within a single country, designed to meet strict data residency and compliance requirements imposed by local laws.
SPAN
A Switch Port Analyzer (SPAN) is a feature on network switches that copies traffic from one or more ports to a monitoring port for analysis without disrupting normal network operations.
SPAN and RSPAN
SPAN and RSPAN are Cisco features that copy network traffic from one or more ports to another port for analysis, with RSPAN extending this capability across multiple switches.
Spanner
Google Cloud's globally distributed, strongly consistent, and horizontally scalable database service designed for mission-critical, transactional workloads.
Spanning tree election
The process by which switches in a network with redundant paths select a single root bridge and block certain ports to prevent loops while ensuring all devices can still communicate.
Spark pool
A Spark pool is a cloud-based cluster of computing resources that allows you to run Apache Spark analytics and data processing workloads on demand.
Speakers
Hardware output devices that convert electrical audio signals into sound waves so humans can hear audio from a computer system.
Spear phishing
Spear phishing is a targeted cyberattack in which a criminal sends a fraudulent email that appears to come from a trusted source, aiming to trick a specific person or organization into revealing sensitive data or installing malware.
Speech to text
Speech to text is a technology that converts spoken language into written text using advanced algorithms and machine learning.
Speech translation
Speech translation is the real-time conversion of spoken language from one language into written or spoken text in another language using artificial intelligence.
SPF algorithm
The Shortest Path First algorithm calculates the most efficient path through a network by building a map of all routers and links.
SPICE
SPICE (ISO/IEC 15504) is a framework for assessing and improving software process capability, not a network protocol.
Spine-Leaf Architecture
Spine-Leaf architecture is a network topology where every lower-layer switch (leaf) connects to every upper-layer switch (spine) to provide predictable and scalable east-west traffic flow.
Sponsor
In IT service management, a sponsor is a person or group that authorizes the budget and resources for a service or project and is ultimately accountable for its success.
Spot Instance
A Spot Instance is an unused cloud computing resource that a provider offers at a deep discount but that can be reclaimed by the provider with little notice.
Spot VM
A Spot VM is a virtual machine instance that uses unused cloud provider capacity at a significantly discounted price, but can be terminated with short notice when the provider needs the capacity back.
Sprint
A Sprint is a time-boxed iteration in Agile project management, typically 2–4 weeks long, during which a development team completes a set of planned work items.
Sprint Planning
Sprint Planning is a time-boxed meeting at the start of a Scrum sprint where the team decides what work they can deliver and how they will do it.
Sprint Retrospective
A Sprint Retrospective is a time-boxed meeting at the end of a Scrum sprint where the team reflects on their process and identifies improvements for the next sprint.
Spyware
Spyware is malicious software that secretly monitors and collects information about a user's activity without their knowledge or consent.
SQL
SQL is a standardized programming language used to manage and manipulate relational databases, enabling querying, updating, and data retrieval.
SQL
SQL is a standard programming language used to manage, query, and manipulate relational databases by issuing commands like SELECT, INSERT, UPDATE, and DELETE.
SQL Database Design
SQL Database Design is the process of planning and organizing the structure of a relational database, including tables, columns, keys, and relationships, to ensure efficient data storage and retrieval.
SQL injection
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database, often to read, modify, or destroy data.
SQL Managed Instance
SQL Managed Instance is a cloud database service from Azure that gives you most of the features of a full SQL Server instance without you having to manage the underlying hardware or software patches.
SQL Server on Azure VM
SQL Server on Azure VM is a cloud service that lets you run Microsoft SQL Server database software on a virtual machine in Microsoft Azure, giving you full control over the database environment while Azure handles the underlying hardware.
SQL Server on Azure VM
SQL Server on Azure VM is a cloud service that lets you run Microsoft SQL Server software inside a virtual machine in Microsoft Azure, giving you full control over the database environment just like you would have on your own physical server.
SQS
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables decoupling and scaling of microservices, distributed systems, and serverless applications.
ss
In networking, 'ss' is a command-line utility used to display detailed socket statistics, showing active connections, listening ports, and protocol information on Linux and Unix systems.
SSD
A Solid State Drive (SSD) is a storage device that uses flash memory to save data, making computers start up and load files much faster than older hard drives.
SSE
SSE (Security Service Edge) is a cloud-delivered security framework that converges web, cloud, and private access controls at the network edge.
SSE
SSE (Security Service Edge) is a cloud-centric security framework that converges web, cloud, and network security into a single edge service.
SSH
SSH (Secure Shell) is a cryptographic network protocol that provides secure, encrypted communication and remote administration between two devices over an unsecured network.
SSID
An SSID is the public name of a Wi-Fi network that devices use to identify and connect to it.
SSL
SSL (Secure Sockets Layer) is a cryptographic protocol that encrypts data transmitted between a client and a server to ensure privacy and data integrity.
SSL VPN
An SSL VPN is a virtual private network that uses the Secure Sockets Layer protocol to create an encrypted tunnel for remote users to securely access network resources over the internet.
SSO
Single Sign-On (SSO) is an authentication process that allows a user to access multiple applications or systems with one set of login credentials.
SSPR
Self-Service Password Reset — a system that allows users to reset their own passwords without contacting IT support.
SSRF
A security vulnerability where an attacker tricks a server into making unauthorized requests to internal or external resources on behalf of the attacker.
ST
ST (Straight Tip) is a fiber optic connector with a bayonet-style twist-lock coupling, used for multimode and single-mode connections.
Stage
A stage is a discrete phase in a software development or deployment pipeline where code is built, tested, integrated, or released in a controlled environment.
Stakeholder
A stakeholder is any person, group, or organization that has an interest in or is affected by the outcome of an IT project, service, or change.
Stakeholder Engagement
Stakeholder engagement is the process of identifying people or groups who have an interest in a project and actively involving them through communication and collaboration to meet their needs and expectations.
Standard
A standard is an agreed-upon set of rules, guidelines, or specifications that ensure consistency, compatibility, and quality across IT products, services, and processes.
Standard ACL
A Standard Access Control List (ACL) is a sequential set of permit or deny rules that filters network traffic based solely on the source IP address.
Standard Operating Procedure
A Standard Operating Procedure is a detailed, written set of step-by-step instructions that describes how to perform a specific task or process consistently and safely.
Standard queue
A standard queue is a First-In, First-Out (FIFO) ordered list used to temporarily hold messages or tasks until they can be processed by a consumer.
Standard workflow
A standard workflow is a repeatable, predefined sequence of steps for completing a common IT task, ensuring consistency and efficiency.
Star topology
A network topology where each device is directly connected to a central hub or switch, and all data passes through that central point.
Start of Authority
A Start of Authority (SOA) record is a special DNS record that stores essential administrative information about a domain, including the primary name server, the responsible administrator email, and timing parameters for caching and updates.
Start where you are
Start where you are means using your existing knowledge, skills, and resources as the baseline for improvement instead of waiting for perfect conditions or tools.
Startup Configuration
Startup configuration is the saved set of commands that tells a Cisco device how to behave every time it powers on or reloads.
Startup Probes
A Kubernetes mechanism that checks whether an application inside a container has started successfully, and delays other health checks until it is ready.
Startup repair
Startup Repair is a Windows recovery tool that automatically diagnoses and fixes common problems that prevent the operating system from booting properly.
Startup script
A startup script is a file of commands or code that runs automatically when a cloud virtual machine starts up, allowing you to configure the system without manual logging in.
State machine
A state machine is a computational model that defines a finite number of states, transitions between those states based on inputs, and actions that occur as a result.
State Manager
State Manager is an AWS Systems Manager capability that lets you define and enforce a desired configuration state for your EC2 instances and other managed resources, automatically ensuring they stay compliant over time.
StatefulSets
A Kubernetes resource that manages stateful applications by providing stable network identities and persistent storage for each pod.
Stateless Address Autoconfiguration
Stateless Address Autoconfiguration (SLAAC) is a method that allows a device on an IPv6 network to automatically generate its own IP address without needing a dedicated server to assign one.
Statement of work
A Statement of work (SOW) is a formal document that defines the scope, deliverables, timeline, and terms of a project or service engagement between a vendor and a client.
Static NAT
Static Network Address Translation (NAT) is a one-to-one mapping between a private IP address and a public IP address that never changes.
Static route
A static route is a manually configured path in a router's routing table that tells the router exactly where to send packets for a specific destination network.
Status code
A status code is a three-digit number returned by a server to indicate the result of a client's request, such as success, redirection, or an error.
Steganography
Steganography is the practice of hiding a secret message inside an ordinary, non-secret file such as an image, audio, or video to keep the message hidden from casual observers.
Step Functions
AWS Step Functions is a serverless orchestration service that lets you coordinate multiple AWS services into a visual, state-machine-based workflow.
Step scaling policy
A step scaling policy is a type of auto scaling rule that adjusts the number of computing resources in predefined increments based on the magnitude of a CloudWatch alarm breach.
Sticky bit
The sticky bit is a special permission on Unix/Linux files and directories that restricts file deletion to the file owner, directory owner, or root user, even if others have write access.
Sticky MAC address
Sticky MAC address is a switch security feature that dynamically learns and remembers a device’s MAC address on a specific port to prevent unauthorized devices from connecting.
STIX
STIX (Structured Threat Information Expression) is a standardized language and serialization format used to represent and share cyber threat intelligence in a consistent, machine-readable way.
Storage account
A cloud storage account is a container that holds a set of cloud storage services and their data, providing a unique namespace and access policies for storing and managing unstructured data.
Storage Area Network
A Storage Area Network (SAN) is a dedicated, high-speed network that provides block-level storage access to servers, making storage appear as if it is directly attached to the server.
Storage class
A storage class is a category of data storage that defines how data is stored, accessed, retrieved, and billed in a cloud environment.
Storage Classes
A Storage Class in Kubernetes is a template that defines how persistent storage is provisioned automatically, including the type of storage, performance characteristics, and provisioning policies.
Storage controller
A storage controller is a hardware or software component that manages how data is stored, accessed, and organized on storage devices like hard drives, SSDs, or cloud storage volumes.
Storage Explorer
A graphical tool that allows users to interact with cloud storage services to upload, download, manage, and view data stored in buckets, containers, or file shares.
Storage firewall
A storage firewall is a security appliance or software that controls access to storage systems, protecting data from unauthorized access, malware, and insider threats by inspecting and filtering storage protocol traffic.
Storage Gateway
A Storage Gateway is a service or device that connects on-premises IT environments to cloud storage, making cloud storage feel like a local drive or backup target.
Storage tier
A storage tier is a category of data storage defined by performance, cost, and access frequency, used to optimize storage efficiency in cloud and on-premises systems.
Stored access policy
A stored access policy is a server-side set of rules that defines permissions for accessing data or resources, applied consistently each time a request is made.
Stored procedure
A stored procedure is a pre-written collection of SQL statements saved in a database that can be executed as a single unit to perform specific tasks, like updating records or generating reports.
Storm control
Storm control is a network feature that limits the amount of broadcast, multicast, or unknown unicast traffic on a switch port to prevent network disruptions.
STP
Shielded Twisted Pair (STP) is a copper cable that wraps each twisted pair in foil or braid to block electromagnetic interference.
STP
STP (Spanning Tree Protocol) is a network protocol that prevents loops in Ethernet networks by creating a loop-free logical topology.
STP convergence
STP convergence is the process by which a network of switches using the Spanning Tree Protocol reaches a stable, loop-free topology after a change in the network.
STP TCN Process
The STP TCN process is the mechanism by which a network switch uses a Topology Change Notification to inform all other switches that the network topology has changed, forcing them to refresh their MAC address tables to avoid temporary black holes.
Straight Tip Connector
A Straight Tip Connector, often called an ST connector, is a fiber optic cable connector that uses a twist-on bayonet-style coupling mechanism to securely attach a fiber optic cable to a device or patch panel.
Straight-through cable
A straight-through cable is a type of Ethernet cable where the wire arrangement is identical on both ends, used to connect different types of network devices, like a computer to a switch.
Strategic intelligence
Strategic intelligence is the process of collecting, analyzing, and applying high-level information about threats, risks, and opportunities to guide an organization's long-term security decisions.
Streaking
Streaking is a printing defect where faint, unwanted lines or bands appear repeatedly across a printed page, typically caused by issues with the toner cartridge, drum, or fuser assembly in laser printers or by clogged nozzles or misaligned print heads in inkjet printers.
Stream Control Transmission Protocol
Stream Control Transmission Protocol (SCTP) is a transport layer protocol that combines the reliability of TCP with the speed of UDP and adds the ability to send multiple independent streams of data over a single connection.
Stream processing
Stream processing is a data processing method that continuously analyzes and acts on data in real time as it arrives, rather than storing it first and processing it later.
STRIDE
STRIDE is a threat classification model that helps IT professionals identify and categorize security threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
Structured data
Structured data is information that is organized in a predefined format, typically in rows and columns, making it easy to search, process, and analyze by computers.
Structured logging
Structured logging is the practice of recording log data in a consistent, machine-readable format, such as JSON, so that it can be easily searched, filtered, and analyzed by automated tools.
su
The 'su' command (substitute user or switch user) allows a user to assume the identity of another user, typically the root user, without logging out and back in.
Subinterface
A subinterface is a virtual interface created on a single physical network interface to allow it to carry multiple VLANs or logical networks separately.
Subnet
A subnet is a logical subdivision of an IP network, created by partitioning a larger network address space using subnet masks.
Subnet mask
A subnet mask is a 32-bit number that helps a computer or network device determine which part of an IP address identifies the network and which part identifies the host device on that network.
Subnetting
Subnetting is the process of dividing a larger IP network into smaller, more manageable subnetworks (subnets) to improve performance, security, and efficient use of IP addresses.
Subscriber Connector
A Subscriber Connector (SC) is a fiber optic cable connector known for its push-pull coupling mechanism and square shape, commonly used in data centers and telecommunications for single-mode and multimode fiber connections.
Subscription
A subscription is a payment model where you pay a recurring fee to access a product or service instead of buying it once and owning it forever.
Subscription boundary
A subscription boundary is the logical and administrative limit that defines the scope of resources, permissions, billing, and policies within a single cloud subscription.
Subscription Design
Subscription Design is the structured approach to organizing and managing Azure subscriptions to align with business requirements, governance policies, and cost management.
Successor
In EIGRP, a successor is the primary next-hop router chosen to forward packets to a destination network, determined by having the highest feasibility and lowest metric.
sudo
sudo is a command-line utility in Unix-like operating systems that allows a permitted user to execute a program as another user, typically the superuser (root), based on security policy settings.
SUID
SUID (Set User ID) is a special file permission in Linux that allows a user to run an executable file with the file owner's privileges, typically root, rather than their own.
Supervised learning
Supervised learning is a type of machine learning where a model learns from labeled training data to make predictions or decisions.
Supervisory Control and Data Acquisition
SCADA is a system that monitors and controls industrial equipment like power grids, water plants, and pipelines from a central computer.
Supplier management
Supplier management is the process of overseeing and coordinating relationships with vendors and service providers to ensure they deliver quality products and services on time and within budget.
Support ticket
A support ticket is a digital record used to track, manage, and resolve a user's reported issue or service request within an IT help desk system.
Sustainability
Sustainability in IT refers to designing, operating, and disposing of technology systems in a way that minimizes environmental impact and promotes long-term resource efficiency.
Sustainability pillar
The Sustainability pillar is a framework within cloud architecture that focuses on minimizing environmental impact, reducing energy consumption, and optimizing resource usage across IT operations.
Sustained use discount
Sustained use discount is a pricing model that automatically reduces the cost of a cloud resource when you run it continuously for a significant portion of the billing month.
SVI
A Switch Virtual Interface (SVI) is a logical, software-based interface on a multilayer switch that provides Layer 3 routing capabilities for a VLAN, allowing devices in different VLANs to communicate without an external router.
SVS
The Service Value System (SVS) is the ITIL 4 framework component that describes how an organization's components and activities work together to facilitate value creation through IT services.
Swap partition
A swap partition is a dedicated area on a hard drive that the operating system uses as virtual memory when the physical RAM is full.
Switch
A switch is a networking device that connects devices on a local area network and uses MAC addresses to forward data only to the intended recipient.
Switch Virtual Interface
A logical interface on a network switch that allows it to be managed and communicate with other devices using IP addresses.
Switched Port Analyzer
A Switched Port Analyzer (SPAN) is a feature on network switches that copies traffic from one or more ports to a monitoring port for analysis.
Switched Virtual Interface
A virtual interface on a Layer 3 switch that allows that switch to route traffic between VLANs without needing a separate router.
Switchport
A switchport is a physical or virtual interface on a network switch that connects devices like computers, printers, or other switches to a local area network.
Symbolic link
A symbolic link is a special file that points to another file or directory, acting as a shortcut that the operating system treats as the original item.
Symmetric encryption
Symmetric encryption is a cryptographic method where the same secret key is used to both encrypt and decrypt data, ensuring confidentiality between two parties.
Synchronization
Synchronization is the process of making sure two or more systems, devices, or pieces of data stay exactly matched and up-to-date with each other.
Syslog
Syslog is a standard protocol used to send and store log messages from network devices and servers to a central logging server for monitoring and troubleshooting.
Syslog Configuration
Syslog configuration is the process of setting up network devices to send log messages to a central server for centralized monitoring, troubleshooting, and security analysis.
Syslog Logging Levels
Syslog logging levels are numbered severity codes from 0 to 7 that classify system messages from emergencies (0) to debugging information (7).
Sysmon
Sysmon is a Windows system service and device driver that logs detailed system activity to help security professionals detect and investigate malicious behavior.
System Configuration
System Configuration refers to the specific combination of hardware components, software settings, and operating system parameters that determine how a computer behaves and performs.
System high mode
System high mode is a security operating mode where all users with access to the system have security clearances that meet the highest classification level of information processed, but may not have a formal need-to-know for all data within the system.
System Restore
System Restore is a Windows utility that lets you revert your computer's system files, registry settings, and installed programs to a previous state without affecting your personal files.
System-assigned managed identity
A system-assigned managed identity is an automatically created Azure Active Directory identity that is tied to a specific Azure resource and is used to securely authenticate to other Azure services without storing credentials.
systemctl
systemctl is the command-line tool used to inspect, start, stop, enable, or disable services managed by the systemd init system in Linux.
systemd
systemd is a system and service manager for Linux operating systems that initializes and manages processes, services, and system resources after the kernel boots.
Systems Manager
A unified cloud-based service that lets IT administrators centrally manage the configuration, patching, and health of a fleet of servers and virtual machines.
Table
A table is a structured collection of data organized into rows and columns, used in databases and spreadsheets to store and manage information efficiently.
Table storage
Table storage is a NoSQL key-value store in the cloud that lets you store and query large amounts of structured, non-relational data without needing a traditional database server.
Tablet
A tablet is a portable computing device with a touchscreen interface, typically larger than a smartphone but smaller than a laptop, used for browsing, media consumption, and light productivity tasks.
Tabletop exercise
A tabletop exercise is a discussion-based session where team members talk through their response to a simulated emergency scenario to test plans and identify gaps without actually running any systems or deploying resources.
TACACS+
TACACS+ is a protocol that separates authentication, authorization, and accounting functions to control who can access network devices and what they can do.
Tactical intelligence
Tactical intelligence is the analysis of real-time threat data to guide immediate defensive actions in a security operations center.
Tag
A tag is a metadata label attached to a cloud resource or IT asset to organize, track, and manage it based on custom attributes like environment, owner, or cost center.
Tagging strategy
A tagging strategy is a planned system of labels assigned to cloud resources to organize them, track costs, enforce security, and automate management across an IT environment.
Tailgating
Tailgating is a physical security breach where an unauthorized person follows an authorized person into a restricted area without proper authentication.
Taints and Tolerations
Taints and tolerations are Kubernetes features that control which pods can be scheduled onto which nodes by marking nodes with a taint and allowing pods to declare a toleration to the taint.
Target group
A target group is a logical grouping of one or more backend resources, such as servers or containers, that handles incoming requests and is associated with a load balancer rule to distribute traffic.
Target of evaluation
The Target of Evaluation (TOE) is the specific system, product, or component that is formally assessed against a set of security requirements during a security evaluation or certification process.
Target tracking policy
A target tracking policy is an AWS Auto Scaling feature that automatically adjusts the number of EC2 instances to maintain a specified target value for a given metric, such as average CPU utilization.
Target unit
A target unit is a defined logical or physical entity within a system management framework, used to specify where an administrative action, policy, or configuration change is applied, typically in enterprise environments with many devices.
Task
A Task in Azure DevOps is a predefined, reusable step that performs a specific action during a build or release pipeline, like compiling code or running tests.
Task Manager
Task Manager is a built-in Windows utility that shows running programs, processes, and system performance, allowing users to monitor and manage computer activity.
Task state
Task state refers to the current condition of a process or thread within an operating system, indicating whether it is running, ready to run, waiting, or terminated.
TAXII
TAXII (Trusted Automated eXchange of Indicator Information) is a standardized protocol that enables the automated sharing of cyber threat intelligence (CTI) between organizations and security systems.
TCB
TCB (Trusted Computing Base) is the collection of all hardware, firmware, and software components in a system that are essential to enforcing its security policy.
TCO
Total Cost of Ownership (TCO) is the complete cost of owning and operating an IT asset over its entire lifecycle, including purchase, maintenance, support, energy, and disposal costs, not just the initial price tag.
TCO Calculator
A TCO Calculator is a tool that estimates the total cost of owning and operating an IT asset over its entire lifecycle, including purchase, maintenance, support, and disposal costs.
TCP
TCP is a connection-oriented transport layer protocol that ensures reliable, ordered, and error-checked delivery of data between applications over IP networks.
TCP
TCP (Transmission Control Protocol) is a core internet protocol that ensures data is sent reliably and in order between devices over a network.
TCP Proxy Load Balancer
A TCP Proxy Load Balancer is a network device that terminates incoming TCP connections from clients, establishes a new TCP connection to a backend server, and relays data between the two, enabling advanced traffic management and security features.
TCP/IP model
The TCP/IP model is the set of communication protocols used to connect devices on the internet and most private networks, organizing network communication into four layers.
Team Building
Team building is the process of creating a cohesive group of people who work together effectively toward a shared goal.
Team site
A Team site is a collaboration workspace in platforms like Microsoft SharePoint or Microsoft Teams where team members share files, manage tasks, and communicate within a centralized, permission-controlled environment.
Teams admin center
The Teams admin center is a web-based management portal where IT administrators control settings, users, policies, and features for Microsoft Teams across an organization.
Teams policy
A Teams policy is a set of rules in Microsoft Teams that controls how users can communicate, collaborate, and access features within the application.
Teams role
A set of permissions that controls what a user can do in Microsoft Teams, such as managing channels, creating meetings, or adding apps.
Technical control
A technical control is a security mechanism implemented through hardware, software, or firmware that protects the confidentiality, integrity, and availability of IT systems and data.
Technical finding
A technical finding is a specific observation or conclusion drawn from analyzing IT systems, logs, or test results that points to a configuration issue, security vulnerability, or operational inefficiency.
Technical management practice
Technical management practice is the ITIL term for the set of activities that plan, coordinate, and oversee the technical resources, skills, and infrastructure needed to deliver IT services.
Telemetry
Telemetry is the automatic collection, transmission, and measurement of data from remote sources to a central system for analysis and monitoring.
Telnet
Telnet is a network protocol that provides a bidirectional, interactive text-based communication session between two machines over a network, typically used for remote access and management of network devices.
TEMPEST
TEMPEST is a U.S. government standard for protecting electronic equipment from emitting electromagnetic signals that could be intercepted to steal sensitive information.
Temporal Key Integrity Protocol
TKIP is a security protocol used in Wi-Fi networks to strengthen encryption by dynamically changing the encryption key for each data packet.
Temporary profile
A user profile that Windows creates automatically when the regular profile fails to load, providing limited and temporary access to the system.
Tenant
A dedicated and isolated instance of Microsoft Entra ID that an organization receives when signing up for a Microsoft cloud service.
Tenant attach
Tenant attach is a Microsoft device management feature that links on-premises Configuration Manager hierarchies to the Microsoft Intune cloud service for unified endpoint management.
Tenant boundary
A tenant boundary is the logical and physical separation between different customers' resources in a shared cloud environment that ensures data isolation and security.
Tenant configuration
Tenant configuration is the process of setting up and customizing a logically isolated environment (the tenant) within a shared software platform to meet the specific needs of an organization or end-user group.
Terminal
A terminal is a text-based interface that allows users to communicate with a computer's operating system by typing commands.
Terminal Access Controller Access Control System Plus
TACACS+ is a network security protocol that separates authentication, authorization, and accounting to control who can access network devices and what they can do.
Terminal Access Controller Access-control System
TACACS+ is a remote authentication protocol that uses three separate servers to verify who you are, what you are allowed to do, and record what you did on network devices.
Terraform
Terraform is an infrastructure-as-code tool that lets you define and manage your IT infrastructure using configuration files instead of manual processes.
Terraform on Google Cloud
Terraform on Google Cloud is an infrastructure-as-code tool that lets you define, provision, and manage Google Cloud resources using declarative configuration files instead of manual clicks or scripts.
Test data
Test data is a set of information used to verify that a software application or system works correctly under various conditions.
Tethering
Tethering is sharing your phone's internet connection with another device, like a laptop or tablet, so it can go online.
Text analytics
Text analytics is the process of turning unstructured text, like emails or social media posts, into structured data that can be analyzed to find patterns, sentiments, and insights.
Text Record
A DNS Text Record (TXT record) is a type of resource record that stores human-readable or machine-readable text data associated with a domain name.
Text to speech
Text to speech is a technology that converts written text into spoken audio using computer-generated voices.
TFTP
TFTP, or Trivial File Transfer Protocol, is a simple, lightweight network protocol used to transfer files between devices without the security or advanced features of FTP.
theHarvester
theHarvester is an open-source intelligence (OSINT) tool used to gather emails, subdomains, IP addresses, and other public data about a target from search engines and public sources.
Thermal paste
Thermal paste is a heat-conductive substance applied between a computer's processor and its cooler to improve heat transfer and prevent overheating.
Thermal printer
A thermal printer is a type of printer that uses heat to transfer an image onto paper, commonly used for receipts and labels.
Think and work holistically
Thinking and working holistically means considering the entire IT service system, including all processes, technologies, and people, rather than focusing only on a single component or issue.
Third-party authorisation
Third-party authorisation is when a system relies on an external entity to verify a user's identity or permissions before granting access to resources.
Threat
A threat is any potential danger that could harm a computer system, network, or data, whether from a malicious hacker, a natural disaster, or an accidental mistake.
Threat actor
A threat actor is any person or group that intentionally causes harm to digital systems, networks, or data.
Threat analytics
Threat analytics is the process of using threat intelligence, machine learning, and behavioral data to identify, assess, and predict cybersecurity threats in real time.
Threat emulation
Threat emulation is the proactive simulation of real-world cyberattacks within a controlled environment to test an organization's defenses, identify vulnerabilities, and improve security posture.
Threat Explorer
A Microsoft 365 security tool that provides real-time interactive reports to investigate and analyze threats detected by Microsoft Defender for Office 365.
Threat hunting
Threat hunting is a proactive cybersecurity practice where analysts actively search networks, endpoints, and logs for hidden threats that have evaded automated security tools.
Threat intelligence
Threat intelligence is evidence-based knowledge about existing or emerging cyber threats that helps organizations defend against attacks.
Threat model
A threat model is a structured approach to identifying, analyzing, and prioritizing potential security threats to a system or application.
Threat Modeling for Azure
Threat modeling for Azure is a structured process to identify, analyze, and prioritize potential security threats to cloud applications and infrastructure hosted on Microsoft Azure, so teams can design effective defenses before deployment.
Threat modelling
Threat modelling is a structured approach to identifying, evaluating, and documenting potential security threats to a system so that defenses can be built proactively.
Threat protection
Threat protection is the set of security measures and technologies used to detect, prevent, and respond to cyberattacks and unauthorized access to systems and data.
Threat vector
A threat vector is the path or method a cyber attacker uses to gain unauthorized access to a computer system or network.
Throughput
Throughput is the rate at which data is successfully transferred from one point to another over a network, typically measured in bits per second.
Thunderbolt Technology
Thunderbolt Technology is a high-speed hardware interface that combines data transfer, video output, and power delivery through a single cable, originally developed by Intel and Apple.
Ticketing system
A ticketing system is a software tool used by IT teams to track, manage, and resolve issues or requests reported by users, ensuring nothing gets lost and everything is handled in an organized way.
Time-based One-time Password
A temporary, automatically generated code that changes every few seconds and is used as an extra layer of security when logging into an account.
Timeline analysis
Timeline analysis is the process of ordering events by their time of occurrence to establish a sequence of actions during an incident response investigation.
TKIP
TKIP is a security protocol used in WPA to replace WEP's static key with dynamic per-packet keys, ensuring data integrity.
TLS
Transport Layer Security (TLS) is a cryptographic protocol that encrypts data sent over the internet to keep it private and ensure it hasn’t been tampered with.
TLS Certificate Management
TLS Certificate Management is the process of creating, deploying, renewing, and revoking digital certificates that encrypt communication between computers over a network.
Token
A token is a digital or physical object that represents a set of permissions or access rights, used to verify identity or grant access in computer systems.
Tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
Toner cartridge
An electrophotographic printer component that holds a fine, dry plastic powder (toner) and supplies it to the imaging drum to produce text and images on paper.
Toner probe
A toner probe is a two-part tool used in networking to trace and identify specific cables within a bundle of wires, often by sending an audio signal down the wire and detecting it with a wand.
Total cost of ownership
Total cost of ownership (TCO) is the complete cost of owning and operating an IT asset over its entire lifecycle, including purchase price, maintenance, support, energy, and disposal fees.
Touchpad
A touchpad is a flat, touch-sensitive surface built into a laptop that allows you to control the cursor and perform clicks by moving your finger across it.
Touchscreen
A touchscreen is a display that can detect and respond to the touch of a finger or stylus, allowing you to interact directly with what is shown on the screen.
TPM
TPM (Trusted Platform Module) is a dedicated hardware chip on a computer's motherboard that stores cryptographic keys, passwords, and certificates to secure the system against unauthorized access and tampering.
Trace
A trace is a record of the path and timing of a request or operation as it moves through components in a system, used to monitor performance and troubleshoot issues.
Traceroute
Traceroute is a network diagnostic tool that maps the route data packets take from your computer to a destination, showing each intermediate hop and the time taken.
Traffic Manager
A traffic manager is a networking device or service that directs incoming data traffic across multiple servers or links to balance load, improve performance, and ensure availability.
Traffic shaping
Traffic shaping is a network bandwidth management technique that controls the flow of data packets to ensure smooth performance and prevent congestion by intentionally delaying some traffic.
Training and Development
Training and Development is the process of enhancing team members' skills, knowledge, and competencies to improve project performance and achieve career growth.
Training data
Training data is a set of examples used to teach a machine learning model how to make predictions or decisions.
Transactional data
Transactional data is information that captures a specific event or exchange, such as a sale, a payment, or a system log entry, and is recorded in a database or log system.
Transceiver
A transceiver is a device that both transmits and receives signals, combining a transmitter and a receiver into a single unit for communication over a network medium.
Transfer Appliance
A specialized hardware or virtual device used to securely and efficiently migrate large volumes of data between storage systems, often across different environments or geographic locations, without tying up production network bandwidth.
Transfer belt
A transfer belt is a component in laser printers that carries toner images from the imaging drum to the paper, ensuring accurate color alignment in color printing.
Transit Gateway
A Transit Gateway is a network hub that connects multiple virtual private clouds (VPCs) and on-premises networks through a single, central gateway to simplify routing and reduce complexity.
Transparency
Transparency in AI means that the inner workings, decision-making processes, and data used by an AI system are open, understandable, and auditable by humans.
Transparent Data Encryption
Transparent Data Encryption is a security feature that automatically encrypts data written to a database and decrypts it when read, without requiring any changes to the application.
Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol that provides secure, encrypted communication between two devices over a network, such as between a web browser and a server.
Transport rule
A Transport rule is a set of conditions and actions within Microsoft Exchange Online or Exchange Server that automatically processes email messages during transit based on defined criteria.
Triage
Triage is the process of quickly assessing and prioritizing security incidents based on their severity, impact, and urgency to determine the appropriate response.
Trigger
In Azure data services, a trigger is a predefined automatic action that initiates a process when a specific event occurs, such as data arriving or a schedule being met.
Trivial File Transfer Protocol
TFTP is a simple, lightweight protocol used to transfer files between devices on a network without the security and error-checking features of more robust file transfer methods.
Trojan
A Trojan is a type of malware that disguises itself as a legitimate file or program to trick users into installing it, then performs harmful actions without the user's knowledge.
Troubleshooting step
A troubleshooting step is one specific action taken in a logical sequence to identify, isolate, and resolve a technical problem in an IT system.
True negative
A true negative is a test result that correctly identifies the absence of a condition or threat, meaning no false alarm occurred.
True positive
A true positive is when a security tool correctly identifies a real threat or malicious activity.
Trunk port
A trunk port is a switch port configured to carry traffic for multiple VLANs, using a tagging protocol to identify which VLAN each frame belongs to.
Trunk-based development
Trunk-based development is a version control practice where developers integrate small changes frequently into a single main branch, called the trunk, to avoid merge conflicts and enable continuous delivery.
Trust boundary
A trust boundary is the logical or physical line that separates a trusted, secure area from an untrusted, potentially hostile environment in a computer system or network.
Trust Center
A Trust Center is a centralized portal or collection of resources where an organization publishes its security, compliance, privacy, and data protection policies to build customer and stakeholder confidence.
Trusted Advisor
A Trusted Advisor is an IT professional who earns deep client trust through expert guidance, ethical behavior, and a focus on the client’s long-term success rather than just selling products.
Trusted computing base
The trusted computing base is the entire set of hardware, firmware, and software components that are critical to a system's security, meaning that any flaw in these components can break the entire security policy.
Trusted Platform Module
A Trusted Platform Module (TPM) is a dedicated microcontroller chip that securely stores cryptographic keys, passwords, and certificates to protect a computer's hardware and ensure system integrity.
TTL
TTL (Time to Live) is a field in IP packets that limits the number of hops a packet can traverse before being discarded.
TTL
TTL (Time to Live) is a value in network packets that limits how many hops or seconds the packet can travel before being discarded, preventing infinite loops and network congestion.
TTP
TTP stands for Tactics, Techniques, and Procedures, which describe the behavior patterns and methods used by threat actors in cybersecurity attacks.
Twisted Nematic
Twisted Nematic (TN) is a type of liquid crystal display (LCD) technology that uses liquid crystals twisted at a 90-degree angle to control light and create images on a screen.
Two-Tier vs Three-Tier Architecture
Two-Tier and Three-Tier Architecture are network design models that separate network functions into layers to improve performance, security, and manageability, with the two-tier model having a collapsed core and distribution layer, and the three-tier model adding a separate core layer.
TX
TX (Transmitter) is the component or port in a network device that sends data signals onto a transmission medium.
TX
TX (Transmit/Transmitter) is the signal path that sends data from a device to another device or network medium.
TXT record
A TXT record is a type of DNS record that stores text information for a domain, commonly used for verification, email security, and policy purposes.
Type 1 hypervisor
A Type 1 hypervisor is a lightweight operating system that runs directly on server hardware to create and manage virtual machines without needing a separate host OS.
Type 2 hypervisor
A Type 2 hypervisor is software that creates and runs virtual machines on top of a host operating system, rather than directly on the hardware.
Typosquatting
Typosquatting is a cyberattack where attackers register domain names that are common misspellings of popular websites to trick users into visiting fraudulent sites.
UAC
User Account Control is a Windows security feature that prevents unauthorized changes to your computer by asking for permission before allowing certain actions.
udev
udev is a device manager for the Linux kernel that dynamically manages device nodes in the /dev directory, handling device insertion, removal, and event-driven configuration.
UDP
UDP (User Datagram Protocol) is a communication protocol that sends data quickly without first checking if the receiver is ready or if the data arrived correctly.
UDR
UDR is a user-defined routing rule that controls how network traffic moves between subnets or to external destinations in a cloud or on-premises environment.
UEFI
UEFI (Unified Extensible Firmware Interface) is a modern firmware interface that initializes hardware and boots the operating system, replacing the older BIOS.
UFW
UFW (Uncomplicated Firewall) is a user-friendly command-line interface for managing iptables firewall rules on Linux systems, designed to simplify network security configuration.
umask
Umask (user file-creation mode mask) is a Linux/Unix setting that determines the default permissions assigned to new files and directories by subtracting or masking permission bits from a base set.
Unauthenticated scan
An unauthenticated scan is a vulnerability assessment performed without providing valid login credentials, simulating an outside attacker's perspective.
Underfitting
Underfitting occurs when a machine learning model is too simple to capture the underlying patterns in the training data, resulting in poor performance on both training and new data.
Underlay vs Overlay Network
An underlay network is the physical infrastructure that carries data, while an overlay network is a virtual network built on top of the underlay to provide additional services and segmentation.
Unified Extensible Firmware Interface
UEFI is the modern replacement for BIOS that controls how a computer starts up and loads the operating system.
Unified Threat Management
Unified Threat Management (UTM) is a single security appliance or service that combines multiple network security functions like firewall, antivirus, intrusion prevention, and content filtering into one device.
Uniform Resource Locator
A Uniform Resource Locator (URL) is the web address you type into a browser to access a specific resource like a webpage, image, or file on the internet.
Uninterruptible Power Supply
A device that provides emergency power to connected equipment when the main power source fails or drops to an unacceptable voltage level.
uniq
uniq is a Unix/Linux command that filters out adjacent duplicate lines from a sorted or unsorted text file or input stream, reporting only unique occurrences.
Universal Plug and Play
Universal Plug and Play is a set of networking protocols that allows devices on a network to discover each other and connect automatically without manual configuration.
Universal Serial Bus
A Universal Serial Bus (USB) is a standard interface that allows you to connect devices like keyboards, mice, storage drives, and printers to a computer for data transfer and power delivery.
Universal Serial Bus Type C
A small, reversible 24-pin USB connector that supports high-speed data transfer, power delivery, and video output, used in modern devices.
Unknown unicast
An unknown unicast is a frame sent to a switch that is destined for a MAC address the switch does not have in its MAC address table.
Unmanaged instance group
An unmanaged instance group is a collection of virtual machine instances that you manage individually, without the automatic scaling, healing, and rolling update features provided by managed instance groups.
Unmount
Unmount is the process of safely detaching a file system or storage device from the operating system, ensuring all pending data writes are completed and system consistency is maintained.
Unshielded Twisted Pair
Unshielded Twisted Pair (UTP) is a type of copper cabling used in Ethernet networks, where pairs of wires are twisted together to reduce electrical interference, without additional metallic shielding.
Unstructured data
Unstructured data is information that does not have a predefined data model or is not organized in a predefined manner, making it difficult for traditional databases to read and process.
Unsupervised learning
Unsupervised learning is a type of machine learning where an algorithm finds patterns, groupings, or structure in data without being given labeled examples or correct answers.
Update
An update is a piece of software released to fix problems, add features, or improve security in an existing program or system.
Update domain
An update domain is a logical grouping of resources in a cloud or datacenter environment that can be patched or updated together without causing downtime to the entire application.
Update management
Update management is the process of controlling and deploying software patches and updates to keep systems secure, stable, and compliant.
Update ring
An Update ring is a policy-based group in Windows 10/11 deployment that controls the timing, pace, and scope of feature updates and quality updates pushed to devices across an organization.
Upgrade
An upgrade is the process of replacing an existing component, software, or system with a newer or better version to improve performance, security, or functionality.
UPS
A UPS (Uninterruptible Power Supply) provides emergency backup power to connected equipment when the main power fails, protecting against data loss and hardware damage.
Uptime check
An uptime check is a monitoring test that verifies whether a system or service is running and accessible over a network.
URL
A URL is a string of characters that identifies the location and method to access a resource on the internet.
uRPF
Unicast Reverse Path Forwarding is a network security feature that verifies the source address of incoming packets to prevent IP spoofing attacks.
Usable hosts
Usable hosts are the IP addresses in a subnet that can actually be assigned to devices like computers, printers, or servers, excluding the network and broadcast addresses.
Usage plan
A usage plan is a set of throttling and quota rules that govern how clients can access an API, controlling request rates and access limits per user or application.
USB
USB (Universal Serial Bus) is a standard for connecting peripherals to a host computer, supporting data transfer and power delivery.
USB Standards
USB Standards define the rules for how devices connect and communicate through Universal Serial Bus ports, including data speed and power delivery.
Use case
A use case is a description of how a specific user or system interacts with a system to achieve a particular goal, often used in security operations to define required functions and validate system behavior.
User
A user is any person, system, or device that interacts with an IT service, resource, or identity system, typically authenticated through credentials and authorized to perform specific actions.
User Access Administrator
A User Access Administrator is an IT professional responsible for managing who can access what resources in an organization, including creating, modifying, and revoking user accounts and permissions across systems.
User account
A user account is a digital identity that allows a person to access a computer system, network, or application with specific permissions and settings.
User Account Control
User Account Control (UAC) is a Windows security feature that prevents unauthorized changes to the operating system by prompting for permission before allowing actions that affect system settings or installed programs.
User behaviour analytics
User behaviour analytics (UBA) is a cybersecurity process that monitors and analyzes patterns in how users interact with systems to detect abnormal actions that may indicate a security threat.
User Datagram Protocol
User Datagram Protocol (UDP) is a fast, connectionless network protocol that sends data without first checking if the receiver is ready or if the data arrived safely.
User license
A user license is a legal agreement that grants a person or organization the right to use a software product under specific terms and conditions.
User lifecycle
User lifecycle is the complete journey of a user's account in a system, from creation through maintenance to eventual removal.
User profile
A user profile is a collection of settings, permissions, and preferences that define a specific user's identity and access rights on a computer system or network.
User story
A user story is a short, simple description of a feature told from the perspective of the end user, used in agile software development to guide work.
User-assigned managed identity
A user-assigned managed identity is a standalone Azure identity that can be assigned to one or more Azure resources, enabling them to authenticate to other services without storing credentials.
User-defined route
A user-defined route (UDR) is a custom routing rule you create in a cloud or on-premises network to override or supplement the system's default routing behavior, directing network traffic along a specific path.
useradd
A command-line utility in Unix-like operating systems used to create a new user account with specified settings.
userdel
The userdel command is a Linux system utility used to delete a user account and related files from the system.
usermod
usermod is a Linux command that modifies existing user account settings like group membership, home directory, or login shell.
Utility
Utility, in IT service management, is the measure of a service's functionality that ensures it is fit for purpose by meeting the specific needs of the customer.
UTM
Unified Threat Management (UTM) is a comprehensive security appliance that combines multiple security functions like firewall, antivirus, intrusion prevention, and VPN into a single device.
UTP
Unshielded Twisted Pair (UTP) is a copper cabling type with pairs of twisted wires and no shielding, used for Ethernet networks.
Validation data
Validation data is a subset of data used during the training of a machine learning model to tune its hyperparameters and evaluate its performance on unseen data before final testing.
Value
Value is the perceived worth, benefit, or usefulness that a service, product, or activity delivers to stakeholders, especially customers and the business.
Value co-creation
Value co-creation is a service management concept where value is not simply delivered by a provider to a consumer, but is actively created together through the interaction, collaboration, and shared activities of both parties.
Variable group
A variable group is a reusable collection of key-value pairs in Azure DevOps that can store configuration settings and secrets, shared across multiple pipelines.
Variable Length Subnet Mask
A Variable Length Subnet Mask (VLSM) allows network engineers to divide an IP address space into subnets of different sizes, using different subnet masks for each subnet to match the exact number of hosts needed.
Variables
A variable is a named storage location in a computer program that holds a value which can change during execution.
VDI
Virtual Desktop Infrastructure (VDI) is a technology that hosts desktop operating systems on a central server so users can access their personal desktop environment from any device.
Vector search
Vector search is a method of finding similar items by comparing mathematical representations of data instead of exact matches.
Verify explicitly
Verify explicitly means that a system must actively confirm a user's identity or permissions before granting access, rather than trusting implied or cached credentials.
Version control
Version control is a system that tracks and manages changes to files over time, allowing you to revisit, compare, and restore previous versions.
Vertex AI
Vertex AI is a unified platform from Google Cloud that lets you build, deploy, and scale machine learning models using a single set of tools and services.
Vertical Alignment
Vertical alignment is the precise positioning of components or data so that they line up correctly along a vertical axis, ensuring proper connection, communication, or readability.
vgs
In Linux LVM, vgs is a command that displays information about volume groups, which are collections of physical storage volumes managed as a single pool.
Video Connectors
Video connectors are the physical ports and plugs used to transmit video signals from a source device, like a computer, to a display, such as a monitor or projector.
Video Display Troubleshooting
Video display troubleshooting is the process of identifying and fixing problems with a computer monitor or screen so it shows a clear, stable image.
Video Graphics Array
Video Graphics Array (VGA) is a standard analog display interface used to connect computers to monitors, projectors, and other display devices.
Video Random-access Memory
Video Random-access Memory (VRAM) is a special type of memory used by a graphics card to store image data that the computer screen displays.
View
A view is a saved query in a database that acts like a virtual table, letting you see specific data without storing it separately.
Violation mode
Violation mode is a port security feature on Cisco switches that defines what action is taken when an unauthorized device attempts to connect to a secured switch port.
VIP
A Virtual IP Address (VIP) is a logical IP address shared among multiple devices to provide high availability and load balancing.
Virtual appliance
A virtual appliance is a pre-built software solution that includes an operating system and application, packaged as a virtual machine image for easy deployment on a hypervisor.
Virtual desktop infrastructure
Virtual desktop infrastructure (VDI) is a technology that hosts desktop operating systems on a central server, allowing users to access a full desktop environment remotely from any device over a network.
Virtual Extensible LAN
Virtual Extensible LAN (VXLAN) is a network virtualization technology that uses encapsulation to create isolated, scalable, Layer 2 networks across a Layer 3 infrastructure.
Virtual IP
A Virtual IP (VIP) is a floating IP address shared among multiple servers or network devices to provide high availability and fault tolerance without being tied to a single physical interface.
Virtual machine
A virtual machine (VM) is a software-based emulation of a physical computer that runs an operating system and applications just like a real machine, but is isolated and managed by a hypervisor on a host system.
Virtual Machine Networking
Virtual machine networking is how virtual computers on a physical server connect to each other, to the internet, and to the rest of a network.
Virtual network
A virtual network is a software-based network that connects computers, servers, and devices over the internet or within a cloud environment, simulating a physical network without requiring dedicated hardware.
Virtual Private Cloud
A Virtual Private Cloud (VPC) is a logically isolated section of a public cloud where you can run resources in a private, customizable network environment.
Virtual Routing and Forwarding
Virtual Routing and Forwarding (VRF) is a technology that allows a single physical router to operate like multiple independent routers by keeping separate routing tables and forwarding decisions for each instance.
Virtual Routing and Forwarding
Virtual Routing and Forwarding (VRF) is a technology that lets a single physical router operate as if it were multiple independent routers, each keeping its own separate routing table.
Virtual Switch
A virtual switch is a software-based network switch that connects virtual machines within a hypervisor and forwards traffic between them and the physical network.
Virtualization security
Virtualization security is the practice of protecting virtualized environments including virtual machines, hypervisors, virtual networks, and related infrastructure from threats and vulnerabilities.
Virus
A virus is a malicious software program that attaches itself to legitimate files or programs and spreads to other systems, often causing damage or stealing information.
Vishing
Vishing is a social engineering attack where criminals use phone calls or voice messages to trick victims into revealing sensitive information.
Visibility timeout
A visibility timeout is a mechanism in message queues or distributed systems that temporarily hides a message from other consumers while one consumer processes it, preventing duplicate processing.
Vision AI
Vision AI is a Google Cloud service that uses machine learning to analyze images and videos, extracting meaningful information without requiring custom model building.
Viva
Viva is a Microsoft 365 employee experience platform that helps organizations connect, engage, and develop their workforce through personalized insights, communications, and learning tools.
VLAN
A VLAN logically segments a physical network into isolated broadcast domains without requiring separate physical switches.
VLAN
A VLAN (Virtual Local Area Network) is a logical grouping of network devices that behave as if they are on the same physical network segment, regardless of their actual physical location.
VLAN Access Map
A VLAN Access Map is a Cisco IOS feature that controls traffic flow between VLANs by applying match-action rules to packets traversing a specific VLAN within a switch.
VLAN mismatch
A VLAN mismatch occurs when two connected network devices are configured with different VLAN assignments on the same link, causing traffic to be dropped or misrouted.
VLAN tagging
VLAN tagging is a method used to identify which VLAN a network frame belongs to as it travels across a trunk link, allowing multiple VLANs to share the same physical connection without mixing their traffic.
VLAN Trunking
VLAN Trunking is a method to carry traffic for multiple VLANs over a single network link between switches or between a switch and a router.
VLSM
Variable Length Subnet Masking (VLSM) is a technique that allows network engineers to create subnets of different sizes within the same network, using custom subnet masks to match the exact number of hosts needed.
VM scale set
A VM scale set is a cloud computing service that automatically manages a group of identical virtual machines that can increase or decrease in number based on demand.
VM size
VM size is the specific combination of virtual CPU cores, memory, and sometimes temporary storage that defines the capacity and performance of a virtual machine in a cloud environment.
VM Sizing and Scaling
VM Sizing and Scaling is the process of selecting the right virtual machine configuration and adjusting resources to meet changing application demands.
VNC
VNC is a cross-platform remote desktop protocol that allows a user to control another computer's graphical interface over a network.
VNC
VNC (Virtual Network Computing) is a cross-platform remote desktop protocol that allows a user to control another computer over a network.
VNet
A virtual private network inside a cloud provider that lets you securely connect and isolate your cloud resources.
VNet peering
VNet peering is a networking connection that links two virtual networks so they can communicate with each other as if they were a single network.
Voice over IP
Voice over IP (VoIP) is a technology that lets you make phone calls using an internet connection instead of a traditional telephone line.
Voice VLAN
A Voice VLAN is a separate virtual local area network configured on a network switch to carry voice traffic, such as from IP phones, ensuring quality of service and security by isolating it from data traffic.
VoIP
VoIP (Voice over IP) is a technology that transmits voice calls as digital data packets over IP networks instead of traditional circuit-switched telephone lines.
Volatility Framework
An open-source memory forensics tool used to extract digital evidence from a computer's RAM (random access memory).
Volume group
A volume group is a pool of storage capacity created by grouping one or more physical volumes in Linux LVM that can be carved into logical volumes.
Volumes
In Kubernetes, a volume is a storage resource that outlives the pod it belongs to, enabling data to persist across container restarts and be shared between containers in the same pod.
VPC
A Virtual Private Cloud (VPC) is a logically isolated section of a cloud provider's network where you can launch and manage resources like servers and databases with complete control over IP addressing, subnets, route tables, and security.
VPC endpoint
A VPC endpoint is a private connection that allows resources inside a Virtual Private Cloud to access supported AWS services or external networks without going over the public internet.
VPC Flow Logs
A feature that captures information about the IP traffic going to and from network interfaces in a Virtual Private Cloud (VPC).
VPC network
A Virtual Private Cloud (VPC) network is a logically isolated section of a public cloud provider's infrastructure where you can launch cloud resources in a virtual network that you define and control.
VPC peering
VPC peering is a direct network connection between two virtual private clouds that allows them to communicate using private IP addresses as if they were part of the same network.
VPC Service Controls
VPC Service Controls is a Google Cloud security feature that protects the data of managed services by defining perimeters that prevent data exfiltration and unauthorized access across public networks.
VPN
A VPN creates an encrypted tunnel over a public network to securely connect remote users or sites to a private network.
VPN
A VPN (Virtual Private Network) creates a secure, encrypted tunnel between your device and a remote server, protecting your data and hiding your online activity.
VPN concentrator
A VPN concentrator is a network device that manages, encrypts, and routes multiple VPN connections from remote users or sites into a single secure gateway.
VPN connection
A VPN connection creates a secure, encrypted tunnel between a device and a remote network over the public internet, protecting data from eavesdropping.
VPN Gateway
A VPN Gateway is a network device or service that creates an encrypted tunnel between two or more networks over the internet, allowing secure communication.
VPN Gateway Design
VPN Gateway Design is the process of planning and configuring a secure, encrypted connection between an on-premises network and a cloud virtual network, or between two cloud networks, using a dedicated gateway device in Azure.
VRF
VRF (Virtual Routing and Forwarding) allows a single router to maintain multiple separate routing tables, enabling network segmentation without additional hardware.
VRRP
VRRP is an open standard protocol that provides default gateway redundancy by allowing multiple routers to share a virtual IP address.
VRRP
VRRP (Virtual Router Redundancy Protocol) is a network protocol that automatically assigns a virtual IP address to a group of routers to ensure that if one router fails, another can take over seamlessly, keeping devices on the network connected.
VTP
VTP is a Cisco proprietary protocol that advertises VLAN configuration information across a network to keep VLAN databases consistent among switches.
VTP
VTP (VLAN Trunk Protocol) is a Cisco proprietary protocol that manages the addition, deletion, and renaming of VLANs across a switched network.
VTY
VTY (Virtual Teletype) lines are virtual ports on a Cisco network device that allow remote administration via Telnet or SSH.
Vulnerability
A vulnerability is a weakness in a system, network, or software that could be exploited by a threat to cause harm or unauthorized access.
Vulnerability assessment
A vulnerability assessment is a systematic review of security weaknesses in an information system, evaluating if the system is susceptible to any known vulnerabilities, assigning severity levels, and recommending remediation or mitigation.
Vulnerability management
Vulnerability management is the continuous process of identifying, classifying, prioritizing, and remediating security weaknesses in an organization's IT environment.
Vulnerability scan
A vulnerability scan is an automated process that checks systems, networks, and applications for known security weaknesses or misconfigurations.
Vulnerability scanner
A vulnerability scanner is an automated tool that identifies security weaknesses in systems, networks, and applications by comparing their configurations and software versions against known vulnerability databases.
Vulnerability scanning
Vulnerability scanning is an automated process that identifies security weaknesses in systems, networks, and applications by comparing them against known vulnerability databases.
VXLAN
VXLAN is a network overlay technology that encapsulates Layer 2 Ethernet frames in UDP packets to extend VLANs across Layer 3 networks.
WAF
A Web Application Firewall (WAF) is a security tool that filters, monitors, and blocks HTTP traffic to and from a web application to protect it from common attacks.
WAN
A Wide Area Network (WAN) is a telecommunications network that connects multiple smaller networks, like local area networks, across large geographical distances.
WAP
A WAP is a networking device that allows wireless devices to connect to a wired network using Wi-Fi standards.
Warm standby
A disaster recovery configuration where a secondary system runs in a reduced power state and receives regular updates, ready to take over within minutes if the primary fails.
Warranty
A warranty is a seller's promise to repair or replace a defective product within a specified period, backed by legal and service-level commitments.
Watering hole attack
A watering hole attack is a cyberattack where the attacker compromises a website that a target group trusts, in order to infect visitors with malware.
Wavelength Zone
A Wavelength Zone is a small, physically separate data center location within a metropolitan area that provides ultra-low latency for edge computing and 5G applications.
Web Application Firewall
A Web Application Firewall (WAF) is a security tool that monitors, filters, and blocks HTTP traffic to and from a web application to protect it from common attacks.
Web application scan
A web application scan is an automated security test that examines a web application for vulnerabilities that could be exploited by attackers.
Webcam
A webcam is a small digital camera that captures video and audio for live streaming or recording over the internet, typically used in video calls and online meetings.
WebSocket API
A WebSocket API is a programming interface that enables real-time, two-way communication between a client (like a web browser) and a server over a single, persistent TCP connection.
Weighted routing
Weighted routing is a traffic management technique that distributes network requests across multiple servers or paths according to assigned numerical weights, allowing for controlled, uneven load distribution.
Well-Architected Framework
A set of best practices and design principles for building secure, high-performing, resilient, and efficient cloud infrastructure.
WEP
WEP (Wired Equivalent Privacy) is an outdated wireless security protocol that encrypts data using the RC4 cipher and a static key, but is easily broken.
wget
wget is a free command-line tool for downloading files from the internet using protocols like HTTP, HTTPS, and FTP.
Whaling
Whaling is a type of phishing attack that specifically targets high-level executives or senior management in an organization to steal sensitive data or money.
WHOIS lookup
WHOIS lookup is a query and response protocol used to search databases that store the registration information of domain names and IP address blocks.
Wi-Fi
Wi-Fi is a technology that lets devices like laptops and phones connect to the internet or communicate with each other wirelessly using radio waves.
Wi-Fi antenna
A Wi-Fi antenna is a device that converts electrical signals from a wireless network adapter into radio waves for transmission and captures incoming radio waves to convert them back into electrical signals.
Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a security standard designed to secure wireless networks by encrypting data and controlling access, replacing the older and less secure WEP standard.
Wi-Fi Protected Setup
A network security feature designed to simplify the process of connecting devices to a Wi-Fi network by using a push button or PIN instead of entering the full password.
Wide Area Network
A Wide Area Network (WAN) is a telecommunications network that connects computers and devices across large geographical distances, such as between cities or countries.
WiFi Encryption Cracking
WiFi encryption cracking is the process of breaking the security on a wireless network to gain unauthorized access to the data or the network itself.
Wildcard mask
A wildcard mask is a sequence of 32 bits used alongside an IP address to define which bits must match and which are ignored for routing, access control, or network matching purposes.
Win32 app
A Win32 app is a traditional Windows program that runs directly on a Windows PC, using the same system resources and displaying a standard window with menus and buttons.
Windows
Windows is a family of operating systems developed by Microsoft that manages computer hardware and software, providing a graphical user interface for users to interact with their devices.
Windows 10
Windows 10 is a personal computer operating system developed by Microsoft that combines the familiarity of Windows 7 with the modern features of Windows 8, designed to run on a wide range of devices from desktops to tablets.
Windows 11
Windows 11 is Microsoft's latest desktop operating system, offering a redesigned interface, enhanced security features, and improved support for modern hardware.
Windows 11 Features
Windows 11 is Microsoft's latest desktop operating system, featuring a redesigned interface, enhanced security requirements, and productivity tools designed for modern hardware and hybrid work environments.
Windows 365
Windows 365 is a cloud-based service from Microsoft that streams a full Windows operating system, including apps and data, to any device, allowing you to use a personal Windows desktop from anywhere.
Windows Autopatch
Windows Autopatch is a Microsoft cloud service that automatically applies Windows and Microsoft 365 app updates to enrolled devices, reducing the manual effort needed for patch management.
Windows Autopilot
Windows Autopilot is a cloud-based deployment technology that automates the setup and configuration of new Windows devices, reducing the need for IT staff to manually image or touch each machine.
Windows Command Line
The Windows Command Line is a text-based interface that lets you control a computer by typing commands instead of clicking icons.
Windows Configuration Designer
Windows Configuration Designer is a Microsoft tool that creates provisioning packages to configure Windows devices automatically before or during deployment.
Windows Defender
Windows Defender is a built-in antimalware and security tool in Microsoft Windows that protects your computer from viruses, spyware, and other malicious software without needing to install anything extra.
Windows Defender Firewall
Windows Defender Firewall is a built-in security feature in Microsoft Windows that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Windows event log
The Windows event log is a built-in service that records system, security, and application activities in a structured file so administrators can monitor health, detect problems, and investigate security incidents.
Windows Registry
A central hierarchical database in Windows that stores configuration settings for the operating system, hardware, software, and user preferences.
Windows Update failure
A Windows Update failure occurs when the operating system cannot download, install, or configure updates from Microsoft servers successfully.
Windows Update for Business
Windows Update for Business is a set of policies and settings that IT administrators use to manage and control how Windows devices receive updates from Microsoft, allowing for staged rollouts and deferrals while ensuring security patches are applied.
Windows Update ring
A Windows Update ring is a group of devices in an organization that receives Windows updates according to a specific deployment schedule and risk tolerance, allowing IT administrators to test and roll out updates gradually.
WinRM
WinRM is Microsoft's implementation of WS-Management, enabling secure remote management of Windows systems over HTTP/HTTPS.
Wipe
Wipe is the process of securely erasing all data from a storage device, making it unrecoverable and preparing the device for reuse or disposal.
Wired and Wireless Assurance
Wired and Wireless Assurance is a set of tools and methods that continuously monitor and validate the performance, security, and reliability of both wired and wireless networks to ensure they meet design expectations.
Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) is a security protocol for wireless networks, designed to provide a level of data confidentiality comparable to a wired LAN.
Wireless access point
A wireless access point is a networking device that allows Wi-Fi-enabled devices to connect to a wired network, typically a local area network (LAN), acting as a bridge between wireless and wired communication.
Wireless Access Protocol
A set of rules that allows mobile devices to connect to the internet over a wireless network, primarily used in older mobile phone systems to access web content.
Wireless Internet Service Provider
A Wireless Internet Service Provider (WISP) delivers internet access to customers using radio signals instead of physical cables like fiber or DSL.
Wireless LAN
A Wireless LAN (WLAN) is a network that connects devices like laptops and phones to each other and the internet using radio waves instead of physical cables.
Wireless Roaming
Wireless roaming allows a device to move between wireless access points without losing its network connection or having to log in again.
Wireless Standards
Wireless standards are a set of rules and protocols that define how Wi-Fi devices communicate with each other and with networks without using physical cables.
Wireless Wide Area Network
A wireless network that connects devices over a large geographic area using cellular or satellite technology, like the internet on your phone without cables.
Wireshark
Wireshark is a free, open-source network protocol analyzer that captures and inspects data packets traveling over a computer network in real time.
Wireshark Forensics
Wireshark Forensics is the use of packet capture files and analysis techniques to investigate network traffic for signs of security incidents, intrusions, or policy violations.
WLAN
A wireless local area network (WLAN) links devices using radio waves instead of cables, typically based on IEEE 802.11 standards.
WLC
A Wireless LAN Controller is a centralized device that manages, configures, and secures multiple wireless access points in a network.
Work Breakdown Structure
A Work Breakdown Structure is a hierarchical decomposition of the total scope of work to be carried out by a project team to accomplish project objectives and create the required deliverables.
Work item
A work item is a digital record in Azure DevOps that tracks a single unit of work, such as a task, bug, or user story, helping teams manage and monitor their progress.
Workflow
A workflow is a sequence of steps or tasks that are followed to complete a specific process, often automated in IT.
Workload
A workload is any discrete application, service, or function that runs on a computing resource, consuming CPU, memory, storage, or network capacity.
Workload Identity
A workload identity is a digital credential assigned to an application, service, or automated process that proves its identity to other systems without requiring a human user to log in.
Workload Identity Federation
Workload Identity Federation lets a non-human software workload (like an app or server) securely prove its identity to a cloud provider using a token from an external identity provider, without needing long-term secrets.
Workplace join
Workplace join is a feature in Windows 10 and 11 that lets a personal device connect to an organization's network and access company resources without being fully managed like a corporate-owned device.
Worm
A worm is a type of malicious software that can copy itself and spread to other computers over a network, often without any human action.
WPA
WPA (Wi-Fi Protected Access) is a security protocol that encrypts wireless network traffic to prevent unauthorized access and eavesdropping.
WPA2
WPA2 is a security protocol used to protect Wi-Fi networks by encrypting data transmitted between devices and the access point.
WPA2 cracking
WPA2 cracking is the process of exploiting weaknesses in the WPA2 wireless security protocol to recover the network password and gain unauthorized access to a Wi-Fi network.
WPA3
WPA3 is the latest security standard for Wi-Fi networks, providing stronger encryption and protection against password guessing attacks compared to its predecessor WPA2.
WPS
WPS (Wi-Fi Protected Setup) is a network security standard that simplifies connecting devices to a Wi-Fi network, but it has critical vulnerabilities.
WPS attack
A WPS attack exploits vulnerabilities in the Wi-Fi Protected Setup (WPS) protocol, especially the PIN authentication method, to gain unauthorized access to a wireless network.
X-Ray
X-Ray is a data analysis and visualization tool used in cloud and distributed systems to trace and debug requests as they travel through an application's components.
X-Ray tracing
X-Ray tracing is a monitoring technique used in cloud applications to trace requests as they travel through different services, helping identify performance bottlenecks and errors.
xargs
xargs is a command-line utility that reads input from standard input and converts it into arguments for another command.
XDR
XDR, or Extended Detection and Response, is a unified security platform that collects and correlates data across multiple security layers—endpoints, networks, servers, cloud workloads, and email—to improve threat detection and enable faster response.
XDR Strategy
An XDR strategy is a plan to use extended detection and response tools that collect and analyze data from multiple security layers to stop cyberattacks more effectively.
XFS
XFS is a high-performance 64-bit journaling file system created by Silicon Graphics (SGI) and designed for large files, high throughput, and parallel I/O.
XML
XML is a flexible text format used to store and transport data in a way that both humans and computers can read, using custom tags to describe the data's structure.
XSS
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
YAML for Network Config
YAML for Network Config is a human-readable data serialization language used to define, automate, and manage network device configurations in a structured text format.
YAML Manifest Structure
A YAML Manifest Structure is the organized way of writing configuration files in YAML format to define, deploy, and manage resources like pods and services in Kubernetes.
YAML pipeline
A YAML pipeline is a text-based file written in YAML format that defines an automated series of steps for building, testing, and deploying software in a continuous integration and continuous delivery (CI/CD) system.
Yammer
Yammer is Microsoft's enterprise social networking platform that connects employees across an organization for collaboration, knowledge sharing, and communication.
YANG
YANG is a data modeling language used to define the structure and constraints of data exchanged between network devices and management applications.
YANG Data Model
A YANG data model is a structured, human-readable language used to define the configuration and state data of network devices, enabling automated and programmatic management.
YARA
YARA is a pattern-matching tool used by cybersecurity professionals to identify and classify malware based on textual or binary patterns.
yum
Yum (Yellowdog Updater Modified) is a command-line package management tool used in Red Hat-based Linux distributions to install, update, remove, and manage software packages from repositories.
Zero Day Vulnerabilities
A zero day vulnerability is a security flaw in software or hardware that the vendor does not yet know about and has not fixed, making it extremely dangerous because attackers can exploit it before a patch exists.
Zero Trust
Zero Trust is a security framework that assumes no user, device, or network is automatically trusted, requiring verification for every access request regardless of its origin.
Zero Trust Architecture
Zero Trust Architecture is a cybersecurity model that requires every user and device to be continuously verified before accessing any resource, regardless of where they are located.
Zero Trust Strategy
A security model that requires continuous verification of every user, device, and connection before granting access to any resource, regardless of where the request originates.
Zero-day
A zero-day is a software security flaw that is unknown to the vendor and has no patch available, making it extremely dangerous because attackers can exploit it before anyone knows it exists.
Zonal
Zonal refers to the practice of grouping computing resources within a single geographic area to improve fault isolation, reduce latency, and meet compliance requirements.
Zone Based Firewall
A Cisco security feature that controls traffic between different parts of a network by grouping interfaces into zones and applying policies.
Zone-redundant storage
Zone-redundant storage is a data replication method that stores copies of your data in multiple physical locations within a cloud region, so your data remains safe and available even if one entire data center fails.
ZRS
ZRS (Zone Redundant Storage) is a data storage option in Microsoft Azure that automatically replicates your data across multiple physical locations within a single region to keep it safe even if an entire data center goes down.
zypper
Zypper is a command-line package management tool for installing, updating, and removing software on openSUSE and SUSE Linux Enterprise systems.
Use the exam filter in the browser above to see only the terms relevant to your specific certification. Each term is tagged with every exam where it appears on the objective list.
Search for any technology, protocol, or concept. The search covers both term names and definitions, so searching for "subnet" surfaces VLANs, CIDR, and subnetting — not just entries titled "Subnet".
Every term page includes the specific exam trap — the most common wrong answer candidates choose. Read the trap before moving on. Knowing why the wrong answer looks right is as valuable as knowing the right answer.
Use the browser above to jump directly to any letter section, or search for a specific term. All 3,135 terms link to their own full definition page.
Every definition is written specifically for certification exam candidates. Rather than general encyclopaedia entries, each term explains what the concept does, why it matters on the exam, and the specific mistake candidates make when tested on it. Definitions include exam traps, memory tips, and real-world scenarios drawn directly from exam objectives.
The glossary covers 20+ IT certification exams across CompTIA (A+, Network+, Security+, CySA+, PenTest+), Microsoft Azure (AZ-900, AZ-104, SC-900, AI-900), AWS (CLF-C02, SAA-C03, DVA-C02), Cisco CCNA, ISC2 (CISSP, CC), Google Cloud (CDL, ACE), and ITIL 4. Use the exam filter to see only terms relevant to your specific certification.
Over 2,300 terms are currently published, with more added as new exam objectives are released. Each term has a minimum of 2,000 words of content including definition, examples, exam context, common mistakes, and related terms.
Yes. Definitions are aligned to current exam objectives: CompTIA Security+ SY0-701, CCNA 200-301, AWS CLF-C02 and SAA-C03, AZ-900 and AZ-104 current versions, and all other current certification versions. The glossary is updated when major objective changes are published.
Absolutely — it's designed for that. Every glossary page links to relevant practice questions on Courseiva. When you encounter an unfamiliar term in a practice question, look it up here for a full explanation, then return to the question bank to apply what you've learned.
Look up a term, then practice with real exam-style questions for every certification in this glossary.