Acronyms

Question 1

3DES

Answer 1

Triple Digital Encryption Standard

Performs encryption in 3 times of the same algorithm

Question 2

802.1x

Answer 2

Switch authentication

Standard for controlling access to intranet infrastructure

Question 3

AAA

Answer 3

Authentication, Authorization, and Accounting

The Principle of verifying identity, capability and use

Question 4

ABAC

Answer 4

Attribute-based Access Control

Granting access based upon the characteristic of the
subject, such as clearance level.

Question 5

ACL

Answer 5

Access Control List

Restricting entry, based upon a listing of controls or permissions.

Question 6

AES

Answer 6

Advanced Encryption Standard

Rijndael was approved by the US government and given this title

Question 7

AES256

Answer 7

Advance Encryption Standard 256bit

The 26 bit version of this algorithm is its highest level and is deemed uncrackable by brute force methods.

Question 8

AH

Answer 8

Authentication Header

The AH header transmit in clear text but authenticates and integrity checks each packet

Question 9

AI

Answer 9

Artificial Intelligence

The simulation of human intelligence and thinking in a machine, including adaptive learning and problem solving

Question 10

AIS

Answer 10

Automatic Indicator Sharing

Automated sharing of threat information between organizations to enhance detection and response.

Question 11

ALE

Answer 11

Annualized Loss Expectancy

The single loss expectancy times the annualized rate of occurrence

Question 12

ALG

Answer 12

Application Layer Gateway

This is a type of firewall able to inspect headers and payload in the upper protocol layers

Question 13

AP

Answer 13

Access Point

Infrastructure connection point for most wireless networks

Question 14

API

Answer 14

Application Programming Interface

These are developed tools used by programmers that have prebuilt functions with desired utility

Question 15

APT

Answer 15

Advanced Persistent Threat

Applications with advanced targeting, zero days and
exfiltration techniques that are aimed at particular
organizations or industries.

Question 16

ARO

Answer 16

Annualized Rate of Occurrence

Most risk assessments track threats and attacks on an
annualized basis.

Question 17

ARP

Answer 17

Address Resolution Protocol

Given the IP address ARP will locate the MAC address.

Question 18

ASLR

Answer 18

Address Space Layout Randomization

This randomizes the location of an application in
memory making it harder for attackers to successfully
perform the buffer overflow.

Question 19

ASP

Answer 19

Application Service Provider

An organization provides access to its custom
developed software, such as accounting or customer
management.

Question 20

ATT&CK

Answer 20

Adversarial Tactics,
Techniques, and Common
Knowledge

A database of adversarial tactics and techniques that
might be used to compromise systems organizations to
enhance threat management.

Question 21

Asymmetric key

Answer 21

Public key/Private key

The use of complementary values to disguise and then
reveal information.

Question 22

AUP

Answer 22

Acceptable Use Policy

This policy is legally required, if HR wants to fire
someone for misuse.

Question 23

AV

Answer 23

Antivirus

Designed to identify malware, primarily based upon
known patterns.

Question 24

AV

Answer 24

Asset Value

This can be the replacement cost or income derived
from something.

Question 25

AXFR

Answer 25

Zone transfer

The synchronization of name resolution information
between a primary and secondary DNS server.

Question 26

BASH

Answer 26

Bourne again shell

Bash is a UNIX and Linux command interface and
language.

Question 27

BIA

Answer 27

Business Impact Analysis

This is the prerequisite for disaster recovery and
continuity planning to identify potential losses.

Question 28

BIOS

Answer 28

Basic Input/Output System

The now deprecated initial program sets for computer.
Firmware based initialization code for booting a system.

Question 29

Bluetooth

Answer 29

802.15

Technology commonly used to communicate with small
devices at modest speeds over a short range with low
security requirements.

Question 30

BCP

Answer 30

Business Continuity Plan

The orderly planning for and management of threats and
incidents to an organization.

Question 31

BGP

Answer 31

Border Gateway Protocol

Border Gateway Protocol is for routing exterior traffic
between autonomous systems/organizations.

Question 32

BIA

Answer 32

Business Impact Analysis

Assessing the criticality of business activities and assets
in order to determine the appropriate protection and
recovery options.

Question 33

BO

Answer 33

Buffer overflow

The insertion of malicious computer instructions into
the RAM of a host to accomplish denial of service or
injecting shellcode.

Question 34

BPA

Answer 34

Business Partners Agreement

This outlines the goals and responsibilities between
entities pursuing a common work product.

Question 35

BPDU

Answer 35

Bridge Protocol Data Unit

This protocol is used to identify efficient paths and
loops in a switched network.

Question 36

BSSID

Answer 36

Basic Service Set IDentifier

This is the MAC address that a wireless device is
attached to.

Question 37

Brute Force

Answer 37

Brute force attack

Discovers a hash or encrypted secret by attempting all
combinations and permutations.

Question 38

BYOD

Answer 38

Bring Your Own Device

The organization compensates the individual for use of
their phone in organizational activities.

Question 39

C2

Answer 39

Command and control

Servers that are centrally placed the hold control
instructions for illicitly managed hosts.

Question 40

CA

Answer 40

Certificate Authority

This entity issues certificates. After verifying them, and
is the center of trust in PKI.

Question 41

CAC

Answer 41

Common Access Card

A form of identification with photograph, barcode,
RFID and cryptographic storage of private key
information.

Question 42

CAPTCHA

Answer 42

Completely Automated Public Turing to Tell
Computers and Humans Apart

This is intended to prevent rogue automated attempts at
access.

Question 43

CAR

Answer 43

Corrective Action Report

A document generated when the defect or error has been
detected that has the goal of eliminating a reoccurrence.

Question 44

CASB

Answer 44

Cloud Access Security
Broker

A software resource place between users and cloud
applications that monitors and enforces policy-based
access to cloud resources.

Question 45

CBC

Answer 45

Cipher Block Chaining

Each plaintext block is XORed (see XOR) with the
immediately previous ciphertext block.

Question 46

CBT

Answer 46

Computer-Based Training

Courseware or lessons that are delivered via a computer,
commonly used for at home and corporate training.

Question 47

CCMP

Answer 47

Counter-Mode/CBC-Mac Protocol

Each plaintext block is XORed (see XOR) with the
immediately previous ciphertext block that includes a
message authentication code.

Question 48

CCTV

Answer 48

Closed-circuit Television

Allows monitoring and recording of activities in an
area.

Question 49

CER

Answer 49

Cross-over Error Rate

The point at which false acceptances are equal to false
rejection.

Question 50

CER

Answer 50

Certificate

A generic term for a document that facilitates
authentication.

Question 51

CERT

Answer 51

Computer Emergency Response Team

A multi-discipline group designated to handle IT
incidents.

Question 52

CFB

Answer 52

Cipher Feedback

A mode of operation for a block cipher.

Question 53

Chain of custody

Answer 53

Evidence control and management

The documentation of handling and protection of
evidence.

Question 54

CHAP

Answer 54

Challenge Handshake Authentication Protocol

Commonly used by routers and has several derivatives
in use by Microsoft for authentication.

Question 55

CIO

Answer 55

Chief Information Officer

The most senior official in an organization responsible
for the information technology and systems that support
enterprise.

Question 56

CIRT

Answer 56

Computer Incident Response Team

A group that investigates and resolves IT security
problems.

Question 57

CIS

Answer 57

Center for Internet Security

Its mission is to identify develop, promote, and lead the
world with regard to best practices for cybersecurity
solutions.

Question 58

CMP

Answer 58

Change Management Policy

An organizational process designed to facilitate making
changes to organizational resources in such a way that
they are identifiable, auditable, and orderly.

Question 59

CMS

Answer 59

Content Management System

These are applications that facilitate the creation,
editing, publishing and archival of web pages and
content.

Question 60

CN

Answer 60

Common Name

An identifying name that may be applied to a directory
resource, such as a user, server, or other object.

Question 61

COOP

Answer 61

Continuity of Operations Plan

Ensuring that vital and primary mission essential
functions continue to run, even in the face of
emergencies.

Question 62

COPE

Answer 62

Corporate Owned, Personally Enabled

Smart phones owned by the organization, but approved
for personal use.

Question 63

CP

Answer 63

Contingency Planning

Procedures to follow in the event of a catastrophic
incident, even though it may be unlikely.

Question 64

CRC

Answer 64

Cyclical Redundancy Check

An error checking code, used in digital technology
primarily to identify accidental changes to data.

Question 65

Crimeware

Answer 65

Cyber theft

A class of malware that automates malicious activity.

Question 66

CRL

Answer 66

Certificate Revocation List

This is maintained by a certificate authority to identify
certificates associated with compromised or lost private
keys.

Question 67

CSO

Answer 67

Chief Security Officer

This official is responsible for development, oversight,
mitigation and other risk strategies.

Question 68

CSP

Answer 68

Cloud Service Provider

An organization that provides IaaS, PaaS or SaaS to an
array of customers.

An organization that provides cloud-based access to
infrastructure, storage and/or applications.

Question 69

CSA

Answer 69

Cloud Security Alliance

A nonprofit organization that promotes best practices in
security for cloud-based computing.

Question 70

CSIRT

Answer 70

Computer Security Incident Response Team

Information technology personnel whose purpose is to
prevent, manage and coordinate actions about security
incidents.

Question 71

CSR

Answer 71

Certificate Signing Request

Created by an applicant seeking to gain a certificate
from an authority.

Question 72

CSRF

Answer 72

Cross-site Request Forgery

An attack wherein a message is spoofed from a user to a
trusted site.

Question 73

CSU

Answer 73

Channel Service Unit

A connecting device used to link an organization to
telco-based T-services

Question 74

CTO

Answer 74

Chief Technology Officer

The executive person tasked with identifying useful
technology, IT strategies and partnerships.

Question 75

CTOS

Answer 75

Centralized terminal operating system.

Legacy management.

Question 76

CTR

Answer 76

Counter

This form of encryption is used by AES to perform
streaming encryption.

Question 77

CVE

Answer 77

Common Vulnerabilities and Exposures

A database of known and published software flaws that
may impact security that is managed by MITRE.

Question 78

CVSS

Answer 78

Common Vulnerability Scoring System

An empirical scheme for rating vulnerability severity
based upon specific aspects of the vulnerability,
environment, and nature of threats.

Question 79

CYOD

Answer 79

Choose Your Own Device

In this mode of control and acquisition, an employee
chooses a device from a company provided list.
Ownership may be personal or organization.

Question 80

DAC

Answer 80

Discretionary Access Control

The creator has all control over an asset and access to it.
The default form of access for Windows.

Question 81

Data

custodian

Answer 81

Facilitates use

Exemplified by data center personnel who manage and
maintain systems.

Question 82

Data owner

Answer 82

Responsible for use

Determines logical controls, authorizes use and defines
required security.

Question 83

DBA

Answer 83

Database Administrator

This role is filled by personnel capable of managing
automated and large information repositories.

Question 84

DDoS

Answer 84

Distributed Denial of Service

This attack methodology involves a multitude of
remotely controlled devices focusing upon a single
target.

Question 85

DEP

Answer 85

Data Execution Prevention

And operating system memory management technique
that prevents user data from overlapping into computer
instructions.

Question 86

DER

Answer 86

Distinguished Encoding Rules

A commonly used method of encoding the data that
makes up the certificate using ASN.1.

Question 87

DES

Answer 87

Digital Encryption Standard

The first US government standard for symmetric
encryption. It has a 56 bit key.

Question 88

DHCP

Answer 88

Dynamic Host Configuration Protocol

This is an extension of BOOTP and is used to
dynamically allocate IPs.

Question 89

DHE

Answer 89

Diffie-Hellman Ephemeral

This is a key exchange algorithm that enhances
confidentiality by discarding the session keys after use.

Question 90

Dictionary

Answer 90

Dictionary attack

Performs hashing or encryption on an array of
predetermined candidate phrases, and compares it to the
secret.

Question 91

Differential

BU

Answer 91

Differential backup

-It backups files to alternative media that have the archive
bit set, and then it does not clear it.

Question 92

DKIM

Answer 92

Domain Keys Identified Mail

A messaging security standard designed to facilitate
non-repudiation between sender and receiver.

Question 93

DLL

Answer 93

Dynamic Link Library

These files are not directly executed, but are called up
by an application when certain additional functions or
libraries are needed.

Question 94

DLP

Answer 94

Data Loss Prevention

Strategies and applications that prevent data theft or
illicit access.

Question 95

DMARC

Answer 95

Domain Message Authentication Reporting
and Conformance

This is an email security standard designed to allow
domains to protect themselves from unauthorized use
and spoofing.

Question 96

DNAT

Answer 96

Destination Network Address Translation

The initial destination of a packet as it enters a NAT
system to be redirected to another destination.

Question 97

DMZ

Answer 97

Demilitarized Zone

The perimeter area where the outside world may access
certain services.

Question 98

DNS

Answer 98

Domain Name Service

An application that handles symbolic name to address
mappings, as well as the reverse.

Question 99

DNSSEC

Answer 99

Domain Name System
Security Extensions

An array of tools devised by the IETF to secure DNS
transactions.

Question 100

DoS

Answer 100

Denial of Service

A one on one attack that causes access or utility to
cease.

Question 101

DPO

Answer 101

Data Protection Officer

A senior officer responsible for an organization’s data
protection strategies and compliance.

Question 102

DRP

Answer 102

Disaster Recovery Plan

The immediate plans for recovery of operations or
services in the event of a catastrophic incident.

Question 103

DSA

Answer 103

Digital Signature Algorithm

An algorithm created by the NSA to implement non-
repudiation.

Question 104

DSL

Answer 104

Digital Subscriber Line

High-speed Internet conductivity based upon existing
infrastructure for telephones.