Acronyms

Question 1

AAA

Answer 1

Authentication, Authorization, and Accounting: A framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

Question 2

ACL

Answer 2

Access Control List: A table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file.

Question 3

AES

Answer 3

Advanced Encryption Standard: A symmetric encryption algorithm widely used across the glove to secure data.

Question 4

AES-256

Answer 4

Advanced Encryption Standards 256-bit: A version of AES using 256-bit key size for encryption, providing a higher level of security.

Question 5

AH

Answer 5

Authentication Header: A part of the IPsec protocol suite that provides authentication and integrity to the data.

Question 6

AI

Answer 6

Artificial Intelligence: The simulation of human intelligence processes by machines, especially computer systems.

Question 7

AIS

Answer 7

Automated Indicator Sharing: A system that allows the exchange of cyber threat indicators between the public and private sectors.

Question 8

ALE

Answer 8

Annualized Loss Expectancy: A risk management concept to estimate the monetary loss that can be expected for an asset due to a risk over a year.

Question 9

AP

Answer 9

Access Point: A networking hardware device that allows other Wi-Fi devices to connect to a wired network.

Question 10

API

Answer 10

Application Programming Interface: A set of functions and procedures allowing the creation of applications that access the features or data on an operating system, application, or other services.

Question 11

APT

Answer 11

Advanced Persistent Threat: A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.

Question 12

ARO

Answer 12

Annualized Rate of Occurrence: The expected frequency with which a specific event is likely to occur annually.

Question 13

ARP

Answer 13

Address Resolution Protocol: A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.

Question 14

ASLR

Answer 14

Address Space Layout Randomization: A computer security technique involved in preventing exploitation of memory corruption vulnerabilities.

Question 15

ATT&CK

Answer 15

Adversarial Tactics, Techniques, and Common Knowledge: A knowledge base maintained by MITRE for listing and explaining cyber adversary behavior.

Question 16

AUP

Answer 16

Acceptable Use Policy: A policy that sets out the rules and guidelines for the proper use of an organization’s information technology.

Question 17

AV

Answer 17

Antivirus: Software designed to detect and destroy computer viruses.

Question 18

BASH

Answer 18

Bourne Again Shell: A Unix shell and command language.

Question 19

BCP

Answer 19

Business Continuity Planning: The process involved in creating a system of prevention and recovery from potential threats to a company.

Question 20

BGP

Answer 20

Border Gateway Protocol: The protocol used to route information across the internet.

Question 21

BIA

Answer 21

Business Impact Analysis: A process that identifies and evaluate the potential effects of natural and man-made events on business operations.

Question 22

BIOS

Answer 22

Basic Input/Output System: Firmware used to perform hardware initialization during the booting process and to provide runtime services for operating systems and programs.

Question 23

BPA

Answer 23

Business Partners Agreement: A contract between parties who have agreed to share resources to undertake a specific, mutually beneficial project.

Question 24

BPDU

Answer 24

Bridge Protocol Data Unit: A type of network message that is transmitted by a local area network (LAN) bridge.

Question 25

BYOD

Answer 25

Bring Your Own Device: A policy that allows employees to bring personally owned devices to their workplace and use those devices to access company information and applications.

Question 26

CA

Answer 26

Certificate Authority: An entity that issues digital certificates for use by other parties.

Question 27

CAPTCHA

Answer 27

Completely Automated Public Turing Test to Tell Computers and Humans Apart: A type of challenge-response test used in computing to determine whether the user in human.

Question 28

CAR

Answer 28

Corrective Action Report: A report that outlines the corrective actions necessary to rectify a detected non-conformance.

Question 29

CASB

Answer 29

Cloud Access Security Broker: On-premises or cloud-based security policy enforcement points between cloud service consumers and cloud service providers.

Question 30

CBC

Answer 30

Cipher Block Chaining: A mode of operation for a block cipher that provides confidentiality but not message integrity.

Question 31

CCMP

Answer 31

Counter Mode/CBC-MAC Protocol: An encryption protocol used in Wi-Fi networks.

Question 32

CCTV

Answer 32

Closed-circuit Television: A TV system in which signals are not publicly distributed but are monitored, primarily for surveillance and security purposes.

Question 33

CERT

Answer 33

Computer Emergency Response Team: An expert group that handles computer security incidents.

Question 34

CFB

Answer 34

Cipher Feedback: a mode of operation for a block cipher.

Question 35

CHAP

Answer 35

Challenge Handshake Authentication Protocol: A type of authentication protocol used primarily to authenticate a user or network host to an authenticating entity.

Question 36

CIA

Answer 36

Confidentiality, Integrity, Availability: A model designed to guide policies for information security within an organization.

Question 37

CIO

Answer 37

Chief Information Officer: A job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals.

Question 38

CIRT

Answer 38

Computer Incident Response Team: A service organization that is contacted when a security breach or other computer-related emergency occurs.

Question 39

CMS

Answer 39

Content Management System: Software that helps users create, manage, and modify content on a website without the need for specialized technical knowledge.

Question 40

COOP

Answer 40

Continuity of Operation Planning: A process by government agencies to ensure that critical functions continue during a wide range of emergencies, including localized acts of nature, accidents, and technological or attack-related emergencies.

Question 41

CP

Answer 41

Contingency Planning: A course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen.

Question 42

CRC

Answer 42

Certificate Redundancy Check: An error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.

Question 43

CRL

Answer 43

Certificate Revocation List: A list of digital certificates that have been revoked by the issuing certificate authority before their scheduled expiration date and should no longer be trusted.

Question 44

CSO

Answer 44

Chief Security Officer: A company executive responsible for the security of personnel, physical assets, and information in both physical and digital form.