Acronyms

Question 1

ACL

Answer 1

Access Control List

A rule set that can be implemented on a firewall, switch, or other infrastructure device to control access.

Question 2

AP

Answer 2

Access Point

A wireless transmitter and receiver that hooks into the wired portion of a network and provides an access point to that network for wireless devices.

Question 3

ASLR

Answer 3

Address Space Layout Randomization

A technique that can be used to prevent memory attacks

Question 4

AES

Answer 4

Advanced Encryption Standard

A symmetric algorithm adopted by the US government as the replacement algorithm for 3DES.

Question 5

APT

Answer 5

Advanced Persistent Threat

A hacking process that targets a specific entity and is carried out over a long period of time. The attacker is usually a group of organized individuals often funded and supported by a nation-state to gain illicit access to another government’s information.

Question 6

ALE

Answer 6

Annualized Loss Expectancy

The expected risk cost of an annual threat event.

Question 7

ARO

Answer 7

Annualized Rate of Occurrence

An estimate of how often a given threat might occur annually.

Question 8

API

Answer 8

Application Programming Interface

A software interface that handles interactions between multiple software applications or mixed hardware/software intermediaries.

Question 9

ASIC

Answer 9

Application Specific Integrated Circuit

A circuit that is designed specifically for an application and thus is not a general-purpose chip.

Question 10

AI

Answer 10

Artificial Intelligence

The ability of a machine or computer to learn and adapt.

Question 11

ARF

Answer 11

Asset Reporting Format

A data model that is used to express the transport format of information about assets and the relationships between assets and reports.

Question 12

AJAX

Answer 12

Asynchronous JavaScript and XML

A group of interrelated web development techniques used on the client side to create asynchronous web applications.

Question 13

AIK

Answer 13

Attestation Identity Key

Versatile memory that ensures the integrity of an EK.

Question 14

ABAC

Answer 14

Attribute-Based Access Control

An access control system that takes multiple factors or attributes into consideration before authenticating and authorizing an entity.

Question 15

AR

Answer 15

Augmented Reality

A program that overlays virtual objects on the real-world environment.

Question 16

AAA

Answer 16

Authentication, Authorization, and Accounting

Framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

Question 17

BYOD

Answer 17

Bring Your Own Device

A strategy in which users bring their own devices and use them for company and personal work.

Question 18

BACnet

Answer 18

Building Automation and Control Network

An application, network, and media access control layer communications service that can operate over a number of layer 2 protocols, including ethernet.

Question 19

BCP

Answer 19

Business Continuity Plan

A process that focuses on sustaining an organization’s business/mission processes during and after disruption.

Question 20

BIA

Answer 20

Business Impact Analysis

The process of identifying mission critical systems and identifying measure to provide fault tolerance and high availability.

Question 21

CMMI

Answer 21

Capability Maturity Model Integration

A process improvement approach.

Question 22

CA

Answer 22

Certificate Authority

An entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary.

Question 23

CRL

Answer 23

Certificate Revocation List

A list of digital certificates that a CA has revoked.

Question 24

CSR

Answer 24

Certificate Signing Request

A request that a self-generated certificate be validated and signed by a CA.

Question 25

COPPA

Answer 25

Children’s Online Privacy Protection Act

A law that addresses abuse of children on the Internet.

Question 26

CYOD

Answer 26

Choose Your Own Device

A strategy in which organization users choose their own devices from a list of options but the devices are purchased, owned, and managed by the organization.

Question 27

CBC

Answer 27

Cipher Block Chaining

A DES mode in which 64-bit blocks are chained together and each resultant 64-bit ciphertext block is applied to the next block.

Question 28

CASB

Answer 28

Cloud Access Security Broker

On-premises or cloud based software that sits between cloud service users and cloud applications and monitors all activity and enforces security policies.

Question 29

CCE

Answer 29

Common Configuration Enumeration

A set of best practice statements maintained by the NIST.

Question 30

CIP

Answer 30

Common Industrial Protocol

A suite of messages and services for the collection of manufacturing automation applications.

Question 31

CN

Answer 31

Common Name

The entity name protected by an SSL/TLS certificate, which is technically represented by the Common Name field in the X.509 certificate specification.

Question 32

CPE

Answer 32

Common Platform Enumeration

A naming scheme for describing and classifying operations systems, applications, and hardware devices used by SCAP.

Question 33

CVE

Answer 33

Common Vulnerabilities and Exposures

A free MITRE database that lists vulnerabilities in published operating systems and application software as identified by Common Platform Enumeration (CPE).

Question 34

CVSS

Answer 34

Common Vulnerability Scoring System

A system of ranking vulnerabilities that are discovered based on predefined metrics.

Question 35

COBO

Answer 35

Company-Owned, Business Only

A strategy in which mobile devices, are purchased, owned, and managed by the organization.

Question 36

CSIRT

Answer 36

Computer Security Incident Response Team

Provides a reliable and trusted single point of contact for reporting computer security incidents worldwide.

Question 37

CMDB

Answer 37

Configuration Management Database

A database that keeps track of the state of assets, such as products, systems, software, facilities, and people, as they exist at specific points in time, as well as the relationships between such assets.

Question 38

CDN

Answer 38

Content Delivery Network

A set of geographically dispersed servers that serve content to users based on their location, so that users get content from the physically nearest server.

Question 39

CMS

Answer 39

Content Management System

Enables non-technical users the ability to create, manage, and modify content on a website.

Question 40

CTPH

Answer 40

Context Triggered Piecewise Hashes

A rolling hash that involves multiple traditional cryptographic hashes for one or more fixed-size segments in a file.

Question 41

COOP

Answer 41

Continuity of Operations Plan

A plan that focuses on restoring an organization’s mission essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations.

Question 42

CD

Answer 42

Continuous Delivery

The ability to make software features, configuration changes, bug fixes, and experiments available to users safely and quickly and in a sustainable way.

Question 43

CDP

Answer 43

Continuous Delivery Pipeline

The workflows needed to introduce new functionality to software, from ideation to an on-demand release of value to the end user.

Question 44

CI

Answer 44

Continuous Integration

The practice of merging all software developer working copies into a shared main line several times a day.

Question 45

CAN

Answer 45

Controller Area Network bus

A newer standard for vehicle-to-vehicle and vehicle-to-road communication.

Question 46

COPE

Answer 46

Corporate Owned, Personally Enabled

A strategy in which an organization purchases mobile devices, and users manage those devices.

Question 47

CTR

Answer 47

Counter

A DES mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream.

Question 48

CPTED

Answer 48

Crime Prevention Through
Environmental Design

A multi-disciplinary approach to security that involves designing a facility from the ground up to support security.

Question 49

CSRF

Answer 49

Cross-Site Request Forgery

An attack that causes an end user to execute unwanted actions on a web application in which they are currently authenticated.

Question 50

XSS

Answer 50

Cross-Site Scripting

An attack in which an attacker locates a website vulnerability and injects malicious code into the web application.

Question 51

CER

Answer 51

Crossover Error Rate

The point at which FRR equals FAR.

Question 52

CRM

Answer 52

Customer Relationship Management

Software that identifies customers and stores customer-related data, particularly contact information and data on any direct contacts with customers.

Question 53

DLP

Answer 53

Data Loss Prevention

Software that uses ingress and egress filters to identify sensitive data that is leaving the organization and can prevent such leakage.

Question 54

DAM

Answer 54

Database Activity Monitoring

The use of tools to monitor transactions and the activity of database services.

Question 55

DDS

Answer 55

Data Distribution Service

Enables network interoperability for connect machines, facilitating the scalability, performance, and Quality of Service (QoS) features required for industrial applications.

Question 56

DevOps

Answer 56

Development Operations

A software development method that aims at shorter development cycles, increased deployment frequency, and more dependable releases, in close alignment with business objectives.

Question 57

DevSecOps

Answer 57

Development Security Operations

A development approach that involves representatives from development, operations, and security to create a shared sense of responsibility with regard to security.

Question 58

DH

Answer 58

Diffie-Hellmen

A key agreement process used with asymmetric encryption algorithms allowing for a symmetric key exchange without using public/private key pairs.

Question 59

DRM

Answer 59

Digital Rights Management

Technology used by hardware manufacturers, publishers, copyright holders, and individuals to control the use of digital content.

Question 60

DSS

Answer 60

Digital Signature Standard

A US federal digital security standard that governs the Digital Security Algorithm (DSA).

Question 61

DRaaS

Answer 61

Disaster Recovery Plan

An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.

Question 62

DRP

Answer 62

Disaster Recovery Plan

An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.

Question 63

DAC

Answer 63

Discretionary Access Control

An access control system in which the owner of an object specifies which subjects can access the resource.

Question 64

DDoS

Answer 64

Distributed Denial of Service

An attack that is carried out from multiple attack locations.

Question 65

DNP3

Answer 65

Distributed Network Protocol 3

A primary/secondary protocol that uses port 19999 when using TLS and port 2000 when not using TLS. Its main use is in utilities such as electric and water companies.

Question 66

DoH

Answer 66

DNS over HTTPS

A method of transmitting DNS traffic to remote DNS servers using the Secure HTTPS protocol.

Question 67

DNS

Answer 67

Domain Name System

A database that provides a hierarchical naming system for computers, services, and any resources connected to the internet or a private network.

Question 68

DNSSEC

Answer 68

Domain Name System Security Extensions

A secure form of DNS which ensures that a DNS server is authenticated before the transfer of DNS information begins between the DNS server and the client.

Question 69

DAST

Answer 69

Dynamic Application Security Testing

A form of testing that is automated.

Question 70

DTP

Answer 70

Dynamic Trunking Protocol

A protocol that enables two switches to form a trunk link automatically, based on their configuration.

Question 71

ECB

Answer 71

Electronic Codebook

The easiest and fastest DES mode to use. It has security issues because every 64-bit block is encrypted with the same key.

Question 72

ECC

Answer 72

Elliptic-Curve Cryptography

An approach to public key cryptography that is based on the algebraic structure of elliptic curves over finite fields.

Question 73

ECDH

Answer 73

Elliptic-Curve Diffie-Hellman

A key agreement protocol that uses an elliptic-curve public/private key pair to establish a symmetric key over an insecure channel.

Question 74

ECDSA

Answer 74

Elliptic-Curve Digital Signature Algorithm

An algorithm that provides elliptical-curve-based key exchange.

Question 75

EK

Answer 75

Endorsement Key

Persistent memory installed by a manufacturer that contains a public-private key pair.

Question 76

EDR

Answer 76

Endpoint Detection and Response

A proactive endpoint security approach that is designed to supplement existing defenses.

Question 77

ERP

Answer 77

Enterprise Resource Planning

A process that involves collecting, storing, managing, and interpreting data from product planning, product cost, manufacturing or service delivery, marketing/sales, inventory management, shipping, payment, and any other business processes.

Question 78

ESB

Answer 78

Enterprise Service Bus

A software platform used to facilitate communication between mutually interacting software applications in an SOA.

Question 79

ELF

Answer 79

Executable and Linkable Format

The standard binary format on Oss such as Linux. Capabilities include dynamic linking, dynamic loading, imposing run-time control on a program, and an improved method for creating shared libraries.

Question 80

EF

Answer 80

Exposure Factor

The percentage value or functionality of an asset that will be lost when a threat event occurs.

Question 81

EV

Answer 81

Extended Validation

A certificate that requires verification of the requesting entity’s legal identify before the certificate can be issued.

Question 82

XACML

Answer 82

Extensible Access Control Markup Language

A standard for an access control policy language using XML. Its goal is to create an ABAC system that decouples the access decision from the application or the local machine.

Question 83

EAP

Answer 83

Extensible Authentication Protocol

A framework for port-based access control that uses the same three components that are used in RADIUS.

Question 84

XCCDF

Answer 84

Extensible Configuration Checklist Description Format

A specification language for writing security checklists, benchmarks, and related kinds of documents that is used by SCAP.

Question 85

XML

Answer 85

Extensible Markup Language

A markup language that is often used in web deployments.

Question 86

FAR

Answer 86

False Acceptance Rate

A measurement of the percentage of invalid users that will be falsely accepted by the system.

Question 87

FRR

Answer 87

False Rejection Rate

A measurement of valid users that will be falsely rejected by the system.

Question 88

FERMA

Answer 88

Federation of European Risk Management Associations Risk Management Standard

An organization that provides guidelines for managing risk in an organization.

Question 89

FPGA

Answer 89

Field Programmable Gate Array

A type of PLD that is programmed by blowing fuse connections on the chip or using an anti-fuse that makes a connection when a high voltage is applied to the junction.

Question 90

FIM

Answer 90

File Integrity Monitoring

Methods of ensuring that files have not been altered by an unauthorized person or application.

Question 91

FIFO

Answer 91

First-In, First-Out

A tape rotation scheme in which the newest backup is saved to the oldest media.

Question 92

FTK

Answer 92

Forensic Toolkit

A tool for taking images of forensic data without making changed to the original evidence.

Question 93

FaaS

Answer 93

Function as a Service

An extension of PaaS that completely abstracts the virtual server from the developer.

Question 94

GCM

Answer 94

Galois/Counter Mode

A DES mode in which blocks are numbered sequentially, and then a block number is combined with an IV and encrypted with a block cipher, usually AES.

Question 95

GDPR

Answer 95

General Data Protection Regulation

Regulatory guidelines required by the EU.

Question 96

GPS

Answer 96

Global Positioning System

GPS sensors can report highly accurate location information.

Question 97

GPG

Answer 97

GNU Privacy Guard

A rewrite or upgrade of PGP that uses AES.

Question 98

GDB

Answer 98

GNU Project Debugger

A tool that allows visibility into a program while it executes or determines what the program was doing at the moment it crashed.

Question 99

GFS

Answer 99

Grandfather/Father/Son

A tape rotation scheme in which three sets of backups are defined. Most often these three definitions are daily (sons), weekly (fathers), and monthly(grandfathers). Each week, one son advances to the father set.

Question 100

HSM

Answer 100

Hardware Security Module

An appliance that safeguards and manages digital keys used with strong authentication and provides crypto processing.

Question 101

HMAC

Answer 101

Host-based Message Authentication Code

A keyed-has MAC that involves a hash function with a symmetric key. HMAC provides data ingrity an authentication.

Question 102

HSM

Answer 102

Hierarchical Storage Management

A backup method that involves storing frequently accessed data on faster media and less frequently accessed data on slower media.

Question 103

HIDS

Answer 103

Host-based Intrusion Detection System

Provides threat detection by monitoring OS logs, processes, services, and file systems.

Question 104

HIPS

Answer 104

Host-based Intrusion Prevention System

Provides detection and responds to identified anomalies by stopping service, blocking communications, or stopping processes.

Question 105

HMAC

Answer 105

Host-based Message Authentication Code

Specified message authentication that can verify both the source and content of a message without any other means. On the sender and receiver know the secret key.

Question 106

HOTP

Answer 106

HMAC-based One-Time Password

An algorithm that computes a password from a shared secret that is used on time only. It uses an incrementing counter that is synchronized on the client and the server to do this.

Question 107

HSTS

Answer 107

HTTP Strict Transport Security

A policy mechanism that informs web browsers (or other user agents) that they should automatically interact with it using only HTTPS connections.

Question 108

HUMINT

Answer 108

Human Intelligence

Any information gathered via person-to-person contact.

Question 109

HSDN

Answer 109

Hybrid Software-Defined Networks

A mix of traditional and software-defined networks operating within the same environment. A middle ground for companies with existing infrastructure who cannot replace all of the equipment to take full use of SDNs.

Question 110

IRT

Answer 110

Incident Response Team

A written document that helps an organization before, during, and after a confirmed or suspected security incident.

Question 111

IoC

Answer 111

Indicator of Compromise

Any activity, artifact, or log entry that is typically associated with an attack of some sort.

Question 112

ICS

Answer 112

Industrial Control System

A general term that encompasses several types of control systems used in industrial production.

Question 113

ISAC

Answer 113

Information Sharing and Analysis Center

Nonprofit organizations that host security information sharing systems.

Question 114

ISCP

Answer 114

Information System Contingency Plan

A plan that provides established procedures for the assessment and recovery of a system following a system disruption.

Question 115

IaaS

Answer 115

Infrastructure as a Service

A cloud service model in which the vendor provides the hardware platform or data center, and the company installs and manages its own OS and apps.

Question 116

IV

Answer 116

Initialization Vector

A fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.

Question 117

IAST

Answer 117

Interactive Application Security Testing

A form of testing in which the tester interacts with the system.

Question 118

ISA

Answer 118

Interconnection Security Agreement

An agreement between two organizations that own and operate connected IT systems to document the technical requirements of the interconnection.

Question 119

IMAP

Answer 119

Internet Message Access Protocol

An application layer protocol used on a client to retrieve email from a server.

Question 120

IPSec

Answer 120

Internet Protocol Security

A suite of protocols that establishes a secure channel between two devices.

Question 121

IoT

Answer 121

Internet of Things

A system of interrelated computing devices, mechanical and digital machines, and objects that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or humant-to-computer interaction.

Question 122

IDS

Answer 122

Intrusion Detection System

A system responsible for detecting unauthorized access or attacks against systems and networks.

Question 123

IPS

Answer 123

Intrusion Prevention System

A system that is responsible for preventing attacks.

Question 124

JSON

Answer 124

JavaScript Object Notation

The data exchange format used to send data between applications in the form of an API-based representational state transfer (REST) architectural style.

Question 125

JWT

Answer 125

JSON Web Token

A proposed internet standard that uses signed tokens to communicate with previously established authentication information in an SSO environment.

Question 126

KPI

Answer 126

Key Performance Indicator

A metric that is created, collected, and analyzed to assess performance.

Question 127

KRI

Answer 127

Key Risk Indicator

A metric that is created, collected, and analyzed to assess risk.

Question 128

L2TP

Answer 128

Layer 2 Tunneling Protocol

A newer protocol that operates at layer 2 of the OSI model. Like PPTP, L2TP can use various authentication mechanisms, however, L2TP does not provide any encryption. It is typically used with IPSec, which is a very strong encryption method.

Question 129

LEAP

Answer 129

Lightweight Extensible Authentication Protocol

A proprietary wireless LAN authentication method developed by Cisco.

Question 130

LDAP

Answer 130

Lightweight Directory Access Protocol

A common directory services standard.

Question 131

ML

Answer 131

Machine Learning

The use of generated training data to build a model that makes predictions and decisions without being explicitly programmed to do so.

Question 132

MDF

Answer 132

Main Distribution Frame

A signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant).

Question 133

MSSP

Answer 133

Managed Security Service Provider

A provider that offers the option to fully outsource all information assurance to a third party.

Question 134

MAC

Answer 134

Mandatory Access Control

An access control system in which subject authoritzation is based on security labels.

Question 135

MSA

Answer 135

Master Service Agreement

A contract between two partiees in which both parties agree to most of the terms that will govern future transactions or future agreements.

Question 136

MTBF

Answer 136

Mean Time Between Failures

The estimated amount of time a device will operate before a failure occurs.

Question 137

MTTR

Answer 137

Mean Time to Recovery

The average time to repair a single resource or function when a disaster or disruption occurs.

Question 138

MOU

Answer 138

Memorandum of Understanding

An agreement between two or more organizations that details a common line of action.

Question 139

MD5

Answer 139

Message Digest Algorithm

Produces a 128-bit output and is less secure than SHA. it sometimes represents passwords.

Question 140

ATT&CK

Answer 140

Adversarial Tactics, Techniques, & Common Knowledge

A knowledge base of adversarial tactics and technique based on real-world observations.

Question 141

ATT&CK ICS

Answer 141

ATT&CK for Industrial Control Systems

A MITRE knowledge base that focuses specifically on industrial control systems.

Question 142

MCKMS

Answer 142

Multi-Cloud Key Management System

A key management system configured for multiple clouds.

Question 143

MFA

Answer 143

Multi-Factor Authentication

Authentication in which authentication factors from at least two different factor categories are used. For example, a PIN, a retina scan, and signature dynamics.

Question 144

MIME

Answer 144

Multipurpose Internet Mail Extensions

An Internet standard that allows email to include non-text attachments, non-ASCII character sets, multiple part message bodies, and non-ASCII header information.

Question 145

NFC

Answer 145

Near Field Communication

A sect of communication protocols that allow two electronic devices, one of which is usually a mobile device, to establish communication when they are within 2 inches of each other.

Question 146

NPV

Answer 146

Net Present Value

A function that considers the fact that money spent today is worth more than savings realized tomorrow.

Question 147

NAC

Answer 147

Network Access Control

A service that goes beyond authentication of the user and includes examination of the state of the computer the user is introducing to the network when making a remove access, or VPN, connection to the network.

Question 148

NAT

Answer 148

Network Address Translation

A service that can be supplied by a router or by a server that translates public IP addresses to private IP addresses and vice versa.

Question 149

NIDS

Answer 149

Network Intrusion Detection System

An IDS that monitors network traffic on a local network segment.

Question 150

NIPS

Answer 150

Network Intrusion Prevention System

An IPS that scans traffic on a network for signs of malicious activity and takes some action to prevent it.

Question 151

NGFW

Answer 151

Next Generation Firewall

A type of firewall that attempts to address the traffic inspection and application-awareness shortcomings of a traditional stateful firewall without hampering performance.

Question 152

NDA

Answer 152

Non-Disclosure Agreement

An agreement between two parties that defines what information is considered confidential and cannot be shared outside the two parties.

Question 153

NX

Answer 153

No-Execute bit

Technology used in CPUs to segregate areas of memory for use by either storage of processor instructions or storage of data.

Question 154

OTP

Answer 154

One-Time Password

A password that is used only once to log in to the access control system. This password type provides the highest level of security because it is discarded after it is used once. Also called a dynamic password.

Question 155

OCSP

Answer 155

Online Certificate Status Protocol

An internet protocol that obtains the revocation status of an X.509 digital certificate by using the serial number.

Question 156

OAuth

Answer 156

Open Authorization

A standard for authorization that allows users to share private resources on one site to another site without using credentials.

Question 157

OSINT

Answer 157

Open-Source Intelligence

Data collected from publicly available sources.

Question 158

OSSTMM

Answer 158

Open Source Security Testing Methodology Manual

A manual that covers different kinds of security tests of physical, human (processes), and communication systems.

Question 159

OSA

Answer 159

Open System Authentication

The default authentication used in 802.11 networks using WEP. The authentication request contains only the station ID and authentication response.

Question 160

OVAL

Answer 160

Open Vulnerability and Assessment Language

A standardized method used to transfer security information across the entire spectrum of security tools and services.

Question 161

OWASP

Answer 161

Open Web Application Security Project

A group that monitors web attacks.

Question 162

OLA

Answer 162

Operational-Level Agreement

An internal organizational document that details the relationships that exist between departments to support business activities.

Question 163

OFB

Answer 163

Output Feedback

A DES mode that uses a previous keystream with a key to create the next keystream.

Question 164

OTA

Answer 164

Over-the-Air

An industry-standard mechanism or process that wirelessly delivers OS and firmware updates to a mobile device over Wi-Fi or a mobile data connection.

Question 165

PCAP

Answer 165

Packet Capture

Packet and protocol analysis rely on a sniffer tool to capture and decode the frames of data. Network traffic can be captured from a host or a network segment.

Question 166

PAP

Answer 166

Password Authentication Protocol

A password-based authentication protocol used by Point to Point Protocol (PPP) to validate users.

Question 167

PBKDF2

Answer 167

Password-Based Key Derivation FUnction 2

An encryption mechanism that basically uses a password and manipulates it to generate a strong key that can be used for encryption and subsequently decryption.

Question 168

PCI DSS

Answer 168

Payment Card Industry Data Security Standard

A security standard that enumerates requirements that payment card industry players should meet to secure and monitor their networks, protect cardholder data, manage vulnerabilities, implement strong access controls, and maintain security policies.

Question 169

PFS

Answer 169

Perfect Forward Secrecy

A process which ensures that a session key derived from a set of long term keys cannot be compromised if one of the long term keys is compromised in the future.

Question 170

PII

Answer 170

Personally Identifiable Information

A piece of data that can be used alone or with other information to identify a particular person.

Question 171

PaaS

Answer 171

Platform as a Service

A cloud service model in which the vendor provides the hardware platform or data center and the software running on the platform, including the OS and infrastructure software. The company is still involved in managing the system.

Question 172

PCR

Answer 172

Platform Configuration Register hash

Versatile memory that stores data hashes for the sealing function.

Question 173

PPTP

Answer 173

Point-to-Point Tunneling Protocol

A Microsoft protocol based on PPP that uses built-in Microsoft Point-to-Point encryption and can use a number of authentication methods, including CHAP, MS-CHAP, and EAP-TLS.

Question 174

POP

Answer 174

Post Office Protocol

An application layer email retrieval protocol.

Question 175

PRL

Answer 175

Preferred Roaming List

A list of radio frequencies that resides in the memory of some kinds of digital phones.

Question 176

PGP

Answer 176

Pretty Good Privacy

An encryption system that provides email encryption over the internet can provide confidentiality, integrity, and authentication, depending on the encryption methods used.

Question 177

PLA

Answer 177

Privacy-Level Agreement

A document that sets out in contractual terms how a third-party provider will ensure that the information it hosts will not be seen by the wrong set of eyes.

Question 178

PBX

Answer 178

Private Branch Exchange

A telephone exchange or telephone switching system that is installed at, and serves, a private organization with a large number of internal devices.

Question 179

PFE

Answer 179

Private Function Evaluation

The process of evaluating one party’s private data using a private function owned by another party.

Question 180

PIR

Answer 180

Private Information Retrieval

A type of protocol that can retrieve information from a server without revealing which item is retrieved.

Question 181

PAM

Answer 181

Privileged Access Management

Protects against the issues related to credential theft and misuse.

Question 182

PRI

Answer 182

Product Release Information

A connection between a mobile device and a radio

Question 183

PLD

Answer 183

Programmable Logic Device

An integrated circuit with connections or internal logic gates that can be changed through a programming process.

Question 184

PKI

Answer 184

Public Key Infrastructure

The set of systems, software, and communication protocols that distribute, manage, and control public key cryptography.

Question 185

RIPEMD

Answer 185

RACE Integrity Primitives Evaluation Message Digest

A hashing algorithm that produces a 160-bit hash value after performing 160 rounds of computations on 512-bit blocks.

Question 186

RTP

Answer 186

Real-Time Transport Protocol

A network protocol for delivering audio and video over IP networks.

Question 187

RUM

Answer 187

Real User Monitoring

A monitoring method that captures and analyzes every transaction of every application or website user.

Question 188

RAID

Answer 188

Redundant Array of Inexpensive Disks

Refers to how a sysadmin configures the storage array to provide redundancy in the case of one or more disks failing.

Question 189

RA

Answer 189

Registration Authority

A server that verifies a requester’s identity and registers the requester.

Question 190

RADIUS

Answer 190

Remote Authentication Dial-In User Service

A networking protocol that provides centralized authentication and authorization.

Question 191

RDP

Answer 191

Remote Desktop Protocol

A proprietary protocol developed by Microsoft that provides a graphical interface to connect to another computer over a network.

Question 192

RTU

Answer 192

Remote Terminal Unit

A device in an ICS that connects to sensors and converts sensor data to digital data, including telemetry hardware.

Question 193

REST

Answer 193

Representational State Transfer

A client/server model for interacting with content on remote systems, typically using HTTP.

Question 194

ROI

Answer 194

Return On Investment

The money gained or lost after an organization makes an investment.

Question 195

RSA

Answer 195

Rivest, Shamir, and Adleman

The most popular asymmetric algorithm.

Question 196

RBAC

Answer 196

Rule-Based Access Control

An access control system in which each subject is assigned to one or more roles. Roles are hierarchical, and access control is defined based on the roles.

Question 197

ROE

Answer 197

Rules of Engagement

A document describing how a pen-test may be performed, including the type of testing to be performed, the scope of software and systems to be included in the test, along with contact information.

Question 198

RoT

Answer 198

Root of Trust

Or, trust anchor, is a secure subsystem that provides attestation, meaning the receiver can trust a statement made by the system.

Question 199

SIS

Answer 199

Safety Instrumented Data

Contains sensors, logic solvers, and final control elements (like horns, flashing lights, and sirens) to return an industrial process to a safe state after detecting predetermined conditions.

Question 200

SOW

Answer 200

Scope of Work

Describes the specific systems, or range of IP addresses, time frame, testing, location of where testing is to be performed, and other details.

Question 201

SFE

Answer 201

Secure Function Evaluation

The process in which multiple parties collectively compute a function and receive its output without learning the inputs from any other party.

Question 202

SHA

Answer 202

Secure Hashing Algorithm

A family of four algorithms published by the US NIST.

Question 203

S/MIME

Answer 203

Secure Multipurpose Internet Mail Extensions

A secure version of MIME that encrypts and digitally signs email messages and encrypts attachments.

Question 204

SSH

Answer 204

Secure Shell

A protocol created to provide an encrypted method of performing remote command-line operations.

Question 205

SSL

Answer 205

Secure Sockets Layer

A protocol used to create secure connections to servers. It works at the application layer of the OSI model. It is used mainly to protect HTTP/HTTPS traffic or web servers.

Question 206

SAML

Answer 206

Security Assertion Markup Language

A security attestation model built on XML and SOAP-based services that allows for the exchange of authentication and authorization data between systems and that supports federated identity management.

Question 207

SCAP

Answer 207

Security Content Automation Protocol

A standard that the security automation community uses to enumerate software flaws and configuration issues.

Question 208

SEAndroid

Answer 208

Security-Enhanced Android

An SELinux version that runs on Android devices.

Question 209

SELinux

Answer 209

Security-Enhanced Linux

A Linux kernel security module that separates enforcement of security decisions from the security policy itself and streamlines the amount of software involved with security policy enforcement.

Question 210

SIEM

Answer 210

Security Information and Event Management

A system that provides log centralization and an automated solution for analyzing events.

Question 211

SOAR

Answer 211

Security Orchestration, Automation, and Response

The use of technologies to accomplish automation and orchestration in performing mundane tasks that are crucial to identifying and responding to security issues.

Question 212

SRTM

Answer 212

Security Requirements Traceability Matrix

A grid that documents the security requirements that a new asset must meet.

Question 213

STAR

Answer 213

Security Trust Assurance and Risk registry

A list of cloud providers that have met the requirements laid out by the Cloud Security Alliance (CSA).

Question 214

SED

Answer 214

Self-Encrypting Drives

An HDD or SSD designed to automatically encrypt drive data as it is written to the disk and decrypt stored data.

Question 215

SPF

Answer 215

Sender Policy Framework

An email validation system that works by using DNS to determine whether an email sent by someone has been sent by a host sanctioned by that domain’s administrator.

Question 216

SLA

Answer 216

Service Level Agreement

An agreement to respond to problems within a certain time frame while providing an agreed level of service.

Question 217

SOA

Answer 217

Service Oriented Architecture

A style of software design that involves using software to provide application functionality as services to other applications.

Question 218

SSID

Answer 218

Service Set Identifier

A name or value assigned to identify a WLAN from other WLANs.

Question 219

SKA

Answer 219

Shared Key Authentication

A verification process that uses WEP and a shared secret key for authentication. The challenge text is encrypted with WEP using the shared secret key.

Question 220

SCEP

Answer 220

Simple Certificate Enrollment Protocol

A protocol that is used in provisioning certificates to network devices, including mobile devices.

Question 221

SMTP

Answer 221

Simple Mail Transfer Protocol

An application layer protocol that is used to retrieve information from network devices and to send configuration changes to those devices.

Question 222

SNMP

Answer 222

Simple Network Management Protocol

An application layer protocol that is used to retrieve information from network devices and to send configuration changes to those devices.

Question 223

SOAP

Answer 223

Simple Object Access Protocol

A protocol specification for exchanging structured information in the implementation of web services in computer networks.

Question 224

SLE

Answer 224

Single Loss Expectancy

The monetary impact of a threat occurrence.

Question 225

SSO

Answer 225

Single Sign-On

Question 226

SaaS

Answer 226

Software as a Service

A cloud service model in which the vendor provides the entire solution, including the OS, the infrastructure software, and the application.

Question 227

SCA

Answer 227

Software Composition Analysis

The process of performing automated scans of an application’s code base, including related artifacts such as containers and registries, to identify all open-source components, their license compliance data, and any security vulnerabilities and fix vulnerabilities through prioritization and auto remediation.

Question 228

SDN

Answer 228

Software-Defined Networks

The decoupling of the control plan and the data plane in networking.

Question 229

SNAT

Answer 229

Stateful Network Address Translation

A service that implements two or more NAT devices to work together as a translation group. It is called stateful NAT because it maintains a table about the communication sessions between internal and external systems.

Question 230

SAST

Answer 230

Static Application Security Testing

A form of testing that is performed with the application not running.

Question 231

SRK

Answer 231

Storage Root Key

Persistent memory that secures the keys stored in a TPM chip.

Question 232

SQLi

Answer 232

Structured Query Language Injection

SQLi manipulates SQL language in poorly crafted web applications in order to gain access to data stored in the underlying database.

Question 233

SCADA

Answer 233

Supervisory Control And Data Acquisition

A system that operates with coded signals over communication channels to provide control of remote equipment.

Question 234

SoC

Answer 234

System on a Chip

Software contained on a chip such as a baseband processor in a network interface that manages radio functions.

Question 235

SFC

Answer 235

System File Checker

A command-line utility that checks and verifies the version of system files on a computer.

Question 236

SPAN

Answer 236

Switched-Port Analyzer

A port that has been configured to include mirrored traffic from other ports on a switch.

Question 237

TACACS

Answer 237

Terminal Access Controller Access Control System

A networking protocol that provides centralized authentication and authorization.

Question 238

TAP

Answer 238

Test Access Port

The preferred mechanism for performing traffic capture, sniffing.

Question 239

TOTP

Answer 239

Time-based One-Time Password

An algorithm that computes a password from a shared secret and the current time. It is based on the HOTP but turns the current time into an integer-based counter.

Question 240

TOCTOU

Answer 240

Time of Check vs Time of Use

Describes issues associated with programming that follow a sequence of steps and makes assumptions about the state of the steps. A lack of atomic execution exposes applications to TOCTOU types of attacks.

Question 241

TCO

Answer 241

Total Cost of Ownership

A measure of the overall costs associated with running an organizational risk management process, including insurance premiums, finance costs, administrative costs, and any losses incurred.

Question 242

TLS

Answer 242

Transport Layer Security

A cryptographic protocol that protects internet communications and is an upgrade of SSL.

Question 243

3DES

Answer 243

Triple Digital Encryption Standard

The replacement algorithm for DES.

Question 244

TPM

Answer 244

Trusted Platform Module

A specification for hardware-based storage of encryption keys, hashed passwords, and other user and platform identification information.

Question 245

2FA

Answer 245

Two-Factor Authentication

Authentication in which authentication factors from two different factor categories are used. For example, a password and an iris scan.

Question 246

UEFI

Answer 246

Unified Extensible Firmware Interface

An alternative to BIOS for interfacing between the software and the firmware of a system.

Question 247

UTM

Answer 247

Unified Threat Management

A solution in which devices perform multiple security functions. For example, antivirus, firewalling, and network access control may all be provided by a single device.

Question 248

UDDI

Answer 248

Universal Description Discovery and Integration

A platform-dependent, XML protocol that includes a (XML-based) registry by which businesses worldwide can list themselves on the internet, and a mechanism to register and locate web service applications.

Question 249

UEBA

Answer 249

User and Entity Behavior Analytics

A type of analysis that focuses on observing network behaviors for anomalies.

Question 250

VDI

Answer 250

Virtual Desktop Infrastructure

A server-based virtualization technology that hosts and manages virtual desktops. Functions include creating the desktop images, managing the desktops on the servers, and providing client network access for the desktop.

Question 251

WAF

Answer 251

Web Application Firewall

Provides effective protection of web applications by inspecting traffic for signs of malicious activity.

Question 252

WSS

Answer 252

Web Services Security

An extension to SOAP that is used to apply security to web services.

Question 253

WPA

Answer 253

Wi-Fi Protected Access
WPA2 Wi-Fi Protected Access 2
WPA3 Wi-Fi Protected Access 3

Question 254

WEP

Answer 254

Wired Equivalent Privacy

Question 255

WIDS

Answer 255

Wireless Intrusion Detection System

An IDS that operates on a WLAN rather than on a wired network.

Question 256

XN

Answer 256

Execute Never bit

A method for specifying areas of memory that cannot be used for execution.

Question 257

XXEi

Answer 257

XML External Entity Injection

An attack against an application that parses XML input. A weakly configured XML parser may process references to an external entity that could leak confidential data.

Question 258

XCCDF

Answer 258

Extensible Configuration Checklist Description Format

Provides a consistent and standardized way to define benchmark information as well as configuration and security checks to be performed during an assessment.