Acronyms !!

Question 1

AUP

Answer 1

Acceptable user policy – determines what is and what is not permitted on the network.

Question 2

AP

Answer 2

Access Point

Question 3

OID

Answer 3

Object identifiers

Question 4

RAT

Answer 4

Remote Access Trojan

Question 5

MAC

Answer 5

Mandatory Access Control – refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.

Question 6

AAA

Answer 6

Authentication, Authorization, and Accounting

Question 7

DAC

Answer 7

Discretionary access control – (DAC) model assigns an owner to an object, and the owner establishes access to users for the objects.

Question 8

TAP

Answer 8

Test Access Point – a device that copies signals from the physical layer and the data link layer. Since no network or transport logic is used, every frame is received, allowing reliable packet monitoring.

Question 9

MAM

Answer 9

Mobile Application Management – sets policies for apps that can process corporate data and prevents data transfer to personal apps. This type of solution configures an enterprise-managed container or workspace.

Question 10

UEM

Answer 10

Unified Endpoint Management – is a suite of applications and features that extends the concept of network access control (NAC) solutions to the mobile device. UEM may include MAM.

Question 11

NAC

Answer 11

Network Access control – an approach to computer security that attempts to unify endpoint security technology, user or system authentication and network security enforcement.

Question 12

ARP

Answer 12

Address Resolution Protocol

Question 13

DNS

Answer 13

Domain Name System

Question 14

IP

Answer 14

Internet Protocol

Question 15

RDP

Answer 15

Remote Desktop Protocol – is Microsoft’s protocol for operating remote connections to a Windows machine.

Question 16

VPN

Answer 16

Virtual Private Network

Question 17

RAM

Answer 17

Random Access Memory

Question 18

SOAR

Answer 18

Security Orchestration, Automation, and Response. SOAR allows better response when the volume of alerts becomes overwhelming.

Question 19

SEDS

Answer 19

Self-encrypting drives

Question 20

FPGA

Answer 20

Field Programmable Gate Arrays – are semiconductor devices that contain programmable logic blocks and interconnection circuits. These devices can be programmed and reprogrammed to meet the required functionality. Difficulty in updating and patching is often a downfall of embedded systems such as FPGAs.

Question 21

OT

Answer 21

Operational Technology

Question 22

FQDN

Answer 22

Fully Qualified Domain Name

Question 23

DNSSEC

Answer 23

Domain Name System Security Extensions

Question 24

DHCP

Answer 24

Dynamic Host Configuration Protocol

Question 25

SFTP

Answer 25

Secure File Transfer Protocol

Question 26

FTP

Answer 26

File Transfer Protocol

Question 27

TFTP

Answer 27

Trivial File Transfer Protocol – is a simple protocol for exchanging files between two TCP/IP machines. TFTP servers allow connections from a TFTP Client for sending and receiving files.

Question 28

CIRT

Answer 28

Cyber Incident Response Team

Question 29

HIPS

Answer 29

Host-based Intrusion Prevention System

Question 30

OS

Answer 30

Operating System

Question 31

SIEM

Answer 31

Security Information and Event Management

Question 32

MiTM

Answer 32

A man-in-the-middle

Question 33

DMZ

Answer 33

Demilitarized Zone

Question 34

HSM

Answer 34

Hardware Security Model – a physical device that provides extra security for sensitive data.

Question 35

LAN

Answer 35

Local Area Network – a collection of devices connected together in one physical location, such as a building, office, or home.

Question 36

VLAN

Answer 36

Virtual Local Area Network – any broadcast domain that is partitioned and isolated in a computer network at the data link layer.

Question 37

API

Answer 37

Application Programming Interface – The word Application refers to any software with a distinct function. Interface can be thought of as a contract of service between two applications. This contract defines how the two communicate with each other using requests and responses.

Question 38

PKI

Answer 38

Public key infrastructure

Question 39

VDE

Answer 39

Virtual Desktop Environments

Question 40

IRP

Answer 40

Incident Response Plan (also known as a playbook)

Question 41

CVE

Answer 41

Common Vulnerabilities and Exposures

Question 42

CVSS

Answer 42

Common Vulnerability Scoring System

Question 43

RFC

Answer 43

Requests for Comments

Question 44

IETF

Answer 44

Internet Engineering Task Force

Question 45

NIST

Answer 45

National Institute of Standards and Technology – Information security and cybersecurity tasks can be classified as five functions (Identify, Protect, Detect, Respond, Recover), following the framework developed by the National Institute of Standards and Technology.

Question 46

PCI DSS

Answer 46

Payment Card Industry Data Security Standard – defines the safe handling and storage of financial information.

Question 47

GDPR

Answer 47

General Data Protection Regulation – means that personal data cannot be collected, processed, or retained without the individual’s informed consent.

Question 48

CIS

Answer 48

Center for Internet Security – is a not-for-profit organization founded partly by The SANS Institute. It publishes the well-known “The 20 CIS Controls.”

Question 49

AI

Answer 49

Artificial intelligence

Question 50

CSP

Answer 50

Cloud Service Provider

Question 51

CTI

Answer 51

Cyber threat intelligence

Question 52

OSINT

Answer 52

Open source intelligence

Question 53

TPM

Answer 53

Trusted platform module – is a specification for hardware-based storage of encryption keys, hashed passwords, and other user and platform identification information.

Question 54

NFC

Answer 54

Near Field communications

Question 55

SOA

Answer 55

Service Oriented Architecture

Question 56

SDN

Answer 56

Software Defined Network

Question 57

IOT

Answer 57

Internet of Things

Question 58

IdP

Answer 58

Identity Provider

Question 59

IdP

Answer 59

Identity Provider

Question 60

SSO

Answer 60

Single Sign On

Question 61

RFID

Answer 61

Radio Frequency Identification – commonly used for asset management as tags. It is a chip programmed with asset data.

Question 62

STP

Answer 62

Spanning Tree Protocol – is a means for the bridges to organize themselves into a hierarchy and prevent loops from forming.

Question 63

SoC

Answer 63

System on Chip – is a design where processors, controllers, and devices are provided on a single processor die (or chip). Raspberry Pi and Arduino are examples of SoC boards.

Question 64

FGPA

Answer 64

Field Programmable Gate Array – a type of controller that can be configured with programming logic onboard the device to run a specific application. Difficulty in updating is often a downfall of many embedded systems.

Question 65

PLC

Answer 65

Programmable Logic Controller – They are industrial computers used to control different electro-mechanical processes for use in manufacturing, plants, or other automation environments.

Question 66

RTOS

Answer 66

Real-Time Operating System

Question 67

AES

Answer 67

Advanced Encryption Standard

Question 68

OAuth

Answer 68

Open Authorization – a protocol often implemented for authentication and authorization for RESTful application programming interface (API). It is designed to facilitate sharing of information (resources) within a user profile between sites.

Question 69

OIDC

Answer 69

OpenID Connect – is an authentication protocol that can be implemented as special types of OAuth flows with precisely defined token fields.

Question 70

SDV

Answer 70

Software-defined visibility – supports assessment and incident response functions. Visibility is the near real-time collection, aggregation, and reporting of data about network traffic.

Question 71

CA

Answer 71

Certificate Authority

Question 72

PHI

Answer 72

Personal health information

Question 73

PII

Answer 73

Personally identifiable information

Question 74

ACL

Answer 74

Access Control List

Question 75

ARO

Answer 75

Annualized rate of occurrence

Question 76

ALE

Answer 76

Annualized loss expectancy – The amount that would be lost over the course of a year. This amount is determined by multiplying the SLE by the annualized rate of occurrence (ARO).

Question 77

SLE

Answer 77

Single loss expectancy – is the amount that would be lost in a single occurrence of the risk factor. This amount is determined by multiplying the value of the asset by an exposure factor (EF).