Acronyms

Question 1

AAA

Answer 1

Authentication, Authorization, and Accounting: A framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

Question 2

ACL

Answer 2

Access Control List: A table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file.

Question 3

AES

Answer 3

Advanced Encryption Standard: A symmetric encryption algorithm widely used across the glove to secure data.

Question 4

AES-256

Answer 4

Advanced Encryption Standards 256-bit: A version of AES using 256-bit key size for encryption, providing a higher level of security.

Question 5

AH

Answer 5

Authentication Header: A part of the IPsec protocol suite that provides authentication and integrity to the data.

Question 6

AI

Answer 6

Artificial Intelligence: The simulation of human intelligence processes by machines, especially computer systems.

Question 7

AIS

Answer 7

Automated Indicator Sharing: A system that allows the exchange of cyber threat indicators between the public and private sectors.

Question 8

ALE

Answer 8

Annualized Loss Expectancy: A risk management concept to estimate the monetary loss that can be expected for an asset due to a risk over a year.

Question 9

AP

Answer 9

Access Point: A networking hardware device that allows other Wi-Fi devices to connect to a wired network.

Question 10

API

Answer 10

Application Programming Interface: A set of functions and procedures allowing the creation of applications that access the features or data on an operating system, application, or other services.

Question 11

APT

Answer 11

Advanced Persistent Threat: A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.

Question 12

ARO

Answer 12

Annualized Rate of Occurrence: The expected frequency with which a specific event is likely to occur annually.

Question 13

ARP

Answer 13

Address Resolution Protocol: A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.

Question 14

ASLR

Answer 14

Address Space Layout Randomization: A computer security technique involved in preventing exploitation of memory corruption vulnerabilities.

Question 15

ATT&CK

Answer 15

Adversarial Tactics, Techniques, and Common Knowledge: A knowledge base maintained by MITRE for listing and explaining cyber adversary behavior.

Question 16

AUP

Answer 16

Acceptable Use Policy: A policy that sets out the rules and guidelines for the proper use of an organization’s information technology.

Question 17

AV

Answer 17

Antivirus: Software designed to detect and destroy computer viruses.

Question 18

BASH

Answer 18

Bourne Again Shell: A Unix shell and command language.

Question 19

BCP

Answer 19

Business Continuity Planning: The process involved in creating a system of prevention and recovery from potential threats to a company.

Question 20

BGP

Answer 20

Border Gateway Protocol: The protocol used to route information across the internet.

Question 21

BIA

Answer 21

Business Impact Analysis: A process that identifies and evaluate the potential effects of natural and man-made events on business operations.

Question 22

BIOS

Answer 22

Basic Input/Output System: Firmware used to perform hardware initialization during the booting process and to provide runtime services for operating systems and programs.

Question 23

BPA

Answer 23

Business Partners Agreement: A contract between parties who have agreed to share resources to undertake a specific, mutually beneficial project.

Question 24

BPDU

Answer 24

Bridge Protocol Data Unit: A type of network message that is transmitted by a local area network (LAN) bridge.

Question 25

BYOD

Answer 25

Bring Your Own Device: A policy that allows employees to bring personally owned devices to their workplace and use those devices to access company information and applications.

Question 26

CA

Answer 26

Certificate Authority: An entity that issues digital certificates for use by other parties.

Question 27

CAPTCHA

Answer 27

Completely Automated Public Turing Test to Tell Computers and Humans Apart: A type of challenge-response test used in computing to determine whether the user in human.

Question 28

CAR

Answer 28

Corrective Action Report: A report that outlines the corrective actions necessary to rectify a detected non-conformance.

Question 29

CASB

Answer 29

Cloud Access Security Broker: On-premises or cloud-based security policy enforcement points between cloud service consumers and cloud service providers.

Question 30

CBC

Answer 30

Cipher Block Chaining: A mode of operation for a block cipher that provides confidentiality but not message integrity.

Question 31

CCMP

Answer 31

Counter Mode/CBC-MAC Protocol: An encryption protocol used in Wi-Fi networks.

Question 32

CCTV

Answer 32

Closed-circuit Television: A TV system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes.

Question 33

CERT

Answer 33

Computer Emergency Response Team: An expert group that handles computer security incidents.

Question 34

CFB

Answer 34

Cipher Feedback: a mode of operation for a block cipher.

Question 35

CHAP

Answer 35

Challenge Handshake Authentication Protocol: A type of authentication protocol used primarily to authenticate a user or network host to an authenticating entity.

Question 36

CIA

Answer 36

Confidentiality, Integrity, Availability: A model designed to guide policies for information security within an organization.

Question 37

CIO

Answer 37

Chief Information Officer: A job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals.

Question 38

CIRT

Answer 38

Computer Incident Response Team: A service organization that is contacted when a security breach or other computer-related emergency occurs.

Question 39

CMS

Answer 39

Content Management System: Software that helps users create, manage, and modify content on a website without the need for specialized technical knowledge.

Question 40

COOP

Answer 40

Continuity of Operation Planning: A process by government agencies to ensure that critical functions continue during a wide range of emergencies, including localized acts of nature, accidents, and technological or attack-related emergencies.

Question 41

CP

Answer 41

Contingency Planning: A course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen.

Question 42

CRC

Answer 42

Certificate Redundancy Check: An error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.

Question 43

CRL

Answer 43

Certificate Revocation List: A list of digital certificates that have been revoked by the issuing certificate authority before their scheduled expiration date and should no longer be trusted.

Question 44

CSO

Answer 44

Chief Security Officer: A company executive responsible for the security of personnel, physical assets, and information in both physical and digital form.

Question 45

CSP

Answer 45

Cloud Service Provider: A company that offers some component of cloud computing - typically Infrastructure as a Service (IaaS), Software as a Service (SaaS) or Platform as a Service (PaaS) - to other businesses or individuals.

Question 46

CSR

Answer 46

Certificate Signing Request: A message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.

Question 47

CSRF

Answer 47

Cross-site Request Forgery: A type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

Question 48

CSU

Answer 48

Channel Service Unit: A device used in digital data transmission for interfacing a digital data terminal with a digital transmission medium.

Question 49

CTM

Answer 49

Counter Mode: A mode of operation in cryptography for block ciphers.

Question 50

CTO

Answer 50

Chief Technology Officer: An executive-level position in a company or other entity whose occupant is focused on scientific and technological issues within an organization.

Question 51

CVE

Answer 51

Common Vulnerability Enumeration: A list of publicly disclosed cybersecurity vulnerabilities.

Question 52

CVSS

Answer 52

Common Vulnerability Scoring System: A free and open industry standard for assessing the severity of computer system security vulnerabilities.

Question 53

CYOD

Answer 53

Choose Your Own Device: A corporate policy that permits employees to choose which devices they use for work purposes.

Question 54

DAC

Answer 54

Discretionary Access Control: A type of access control defined by the Access Control List (ACL) where access rights are assigned to users by the system (or system’s administrators).

Question 55

DBA

Answer 55

Database Administrator: A person who uses specialized software to store and organize data.

Question 56

DDoS

Answer 56

Distributed Denial of Service: A type of cyber-attack where multiple compromised computer systems attack a target, such as a server, website, or other network resource, and cause a denial of service for users of the targeted resource.

Question 57

DEP

Answer 57

Data Execution Prevention: A security feature that can help prevent damage to your computer from viruses and other security threats.

Question 58

DES

Answer 58

Digital Encryption Standard: A previously dominant algorithm for the encryption of electronic data.

Question 59

DHCP

Answer 59

Dynamic Host Configuration Protocol: A network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network.

Question 60

DHE

Answer 60

Diffie-Hellman Ephemeral: A method of securely exchanging cryptographic keys over a public channel.

Question 61

DLL

Answer 61

Dynamic Link Library: A feature of Windows and other operating systems that allows multiple software programs to share the same functionality.

Question 62

DLP

Answer 62

Data Loss Prevention: A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

Question 63

DMARC

Answer 63

Domain Message Authentication Reporting and Conformance: An email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.

Question 64

DNAT

Answer 64

Destination Network Address Translation: A technique for transparently changing the destination IP address of an end route packet and performing the invers function for any replies.

Question 65

DNS

Answer 65

Domain Name System: The phonebook of the Internet, a hierarchical and decentralized naming system for computers, services or other resources connected to the Internet or a private network.

Question 66

DoS

Answer 66

Denial of Service: A cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Question 67

DPO

Answer 67

Data Privacy Officer: A role within a company or organization responsible for ensuring that the company complies with data protection laws.

Question 68

DRP

Answer 68

Disaster Recovery Plan: A structured approach with policies and procedures for responding to an unplanned incident and recovering critical systems.

Question 69

DSA

Answer 69

Digital Signature Algorithm: A standard for digital signatures.

Question 70

DSL

Answer 70

Digital Subscriber Line: A family of technologies that provide internet access by transmitting digital data over the wires of local telephone network.

Question 71

EAP

Answer 71

Extensible Authentication Protocol: An authentication framework frequently used in wireless networks and Point-to-Point connections.

Question 72

ECC

Answer 72

Elliptic Curve Cryptography: An approach to public‐key cryptography based on the algebraic
structure of elliptic curves over finite fields.

Question 73

ECDHE

Answer 73

Elliptical Curve Diffie-Hellman Ephemeral: A variant of the Diffie-Hellman algorithm that uses elliptic curve cryptography.

Question 74

ECDSA

Answer 74

Elliptical Curve Digital Signature Algorithm: A cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners.

Question 75

EDR

Answer 75

Endpoint Detection and Response: A cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats.

Question 76

EFS

Answer 76

Encrypted File System: A feature of some versions of Microsoft Windows that provides filesystem-level encryption.

Question 76

ERP

Answer 76

Enterprise Resource Planning: Business process management software that allows an organization to use a system of integrated applications to manage the business and automate many back office functions.

Question 77

ESN

Answer 77

Electronic Serial Number: A unique identification number embedded by manufacturers on a microchip in wireless phones.

Question 77

ESP

Answer 77

Encapsulated Security Payload: A component of IPsec used for providing confidentiality, along with some authentication and integrity, to the data.

Question 77

FACL

Answer 77

File System Access Control List: A data structure, most often associated with Microsoft Windows and NTFS, that controls access to files and folders.

Question 77

FDE

Answer 77

Full Disk Encryption: Encryption at the hardware level.

Question 77

FIM

Answer 77

File Integrity Management: A technology that monitors and reports changes in files, often used in IT security.

Question 77

FPGA

Answer 77

Field Programmable Gate Array: An integrated circuit designed to be configured by a customer or a designer after manufacturing.

Question 78

FRR

Answer 78

False Rejection Rate: In biometric security systems, the measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user.

Question 78

FTP

Answer 78

File Transfer Protocol: A standard network protocol used for the transfer of computer files between a client and server on a computer network.

Question 78

FTPS

Answer 78

Secured File Transfer Protocol: An extension of FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

Question 78

GCM

Answer 78

Galois Counter Mode: A mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance.

Question 78

GDPR

Answer 78

General Data Protection Regulation: A regulation in EU law on dat a protection and privacy in the European Union and the European Economic Area.

Question 78

GPG

Answer 78

Gnu Privacy Guard: A free software re-implementation of the OpenPGP standard as defined by RFC4880, which allows you to encrypt and sign your data and communications.

Question 78

GPO

Answer 78

Group Policy Object: A feature of Windows that provides centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment.

Question 79

GPS

Answer 79

Global Positioning System: A satellite-based radio navigation system owned by the United States government and operated by the United States Space Force.

Question 79

GPU

Answer 79

Graphics Processing Unit: A specialized electronic circuit designed to rapidly manipulate and alter memory to accelerate the creation of images in a frame buffer intended for output to a display device.

Question 79

GRE

Answer 79

Generic Routing Encapsulation: A tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.