Acronyms

Question 1

CCE

Answer 1

Common Configuration Enumeration - Standard for discussing system configuration issues

Question 2

CVE

Answer 2

Common Vulnerabilities and Exposures - Standard for describing security-related software flaws

Question 3

CPE

Answer 3

Common Platform Enumeration - Standard for describing product names and versions

Question 4

CVSS

Answer 4

Common Vulnerability Scoring System - Standard for measuring and describing the severity of security-related software flaws

Question 5

XCCDF

Answer 5

Extensible Configuration Checklist Description Format - Language for specifying checklists and reporting checklist results

Question 6

OVAL

Answer 6

Open Vulnerability and Assessment Language - Language for specifying low-level testing procedures used by checklist

Question 7

SCAP

Answer 7

Security Content Automation Protocol - Led by NIST to create a standardized approach for communicating security related content (CVE, CVSS, etc.)

Question 8

NIST

Answer 8

National Institute of Standards and Technology

Question 9

IDS

Answer 9

Intrusion Detection System

Question 10

IPS

Answer 10

Intrusion Prevention System

Question 11

PCI DSS

Answer 11

Payment Card Industry Data Security Standard (PCI DSS) - Not a law, maintained by the PCI SSC, funded by the payment card industry to maintain requirements

Question 12

PCI SSC

Answer 12

Payment Card Industry Security Standards Council

Question 13

ASV

Answer 13

Approved Scanning Vendor

Question 13

FedRAMP

Answer 13

Federal Risk and Authorization Management Program - Fed regulation that establishes a standard approach for assessing, monitoring, and authorizing cloud computing services under the FISMA

Question 14

FISMA

Answer 14

Federal Information Security Management Act

Question 15

CIS

Answer 15

Center for Internet Security - Publishes security benchmarks that represent the consensus opinions of SME’s. Provides solid foundation for system configuration efforts

Question 16

ISO

Answer 16

International Organization for Standardization - Publishes standards related to information security, ISO 27001, ISO 27002 etc.

Question 17

OWASP

Answer 17

Open Web Application Security Project - Home to devs and security practitioners, hosts community-developed standards, guides, best practice documents, and industry standard open-source tools

Question 18

ISO 27001

Answer 18

Standard for setting up an information security management system

Question 19

ISO 27002

Answer 19

More specific than ISO 27001, goes into detail on specific information security controls

Question 20

ITSM

Answer 20

IT service management - tool that can be used for tracking vulnerabilities

Question 21

SLA

Answer 21

Service-level Agreement - Business agreement that outlines which services and support will be provided to a client

Question 22

MOU

Answer 22

Memorandum of Understanding - Agreement between two or more parties that is outlined in formal document, which is not legally binding

Question 23

GLBA

Answer 23

Gramm-Leach-Bliley Act - Act that governs how financial institutions handle customer financial records

Question 24

SOX

Answer 24

Sarbanes-Oxley Act - Dictates requirements for storing and retaining documents relating to an organization's financial and business operations

Question 25

FERPA

Answer 25

Family Educational Rights and Privacy Act - Requires that educational institutions implement security and privacy controls for student educational records

Question 26

EIGRP

Question 27

BGP

Answer 27

Border Gateway Protocol