COMP TIA Acronyms 1

Question 1

Is the type of cryptography where block cipher algorithms are applied three times to each data block. The key size increased in Triple-DES to ensure additional security through encryption capabilities

Answer 1

Triple Data Encryption Standard (3DES)

Question 2

A framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services

Answer 2

Authentication, Authorization, and Accounting (AAA)

Question 3

An authorization methodology that sets and enforces policies based on characteristics, such as department, location, manager, and time of day

Answer 3

Attribute Based Access Control (ABAC)

Question 4

Made up of rules that either allow access to a computer environment or deny it. In a way, an ACL is like a guest list at an exclusive club

Answer 4

Access Control (ACL)

Question 5

Is a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are who’s allowed to do what

Answer 5

Active Directory (AD)

Question 6

Is the specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST)

Answer 6

Advanced Encryption Standard (AES)

Question 7

Verifies origin of data and also payload to confirm if there has been modification done in between during transmission between source and destination

Answer 7

Authentication Header (AH)

Question 8

Is a service the Cybersecurity and Infrastructure Security Agency (CISA) provides to enable real-time exchange of machine-readable cyber threat indicators and defensive measures between public and private sector organizations

Answer 8

Automated Indicator Sharing (AIS)

Question 9

Is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is expressed as ALE=ARO X SLE

Answer 9

Annualized Loss Expectancy

Question 10

A stand alone device or computer that allows wireless devices (such as laptop computers) to connect to and communicate with a wired computer network

Answer 10

Access Point (AP)

Question 11

Mechanism that enable two software components to communicate with each other using a set of definitions and protocols.

Answer 11

Application Programming Interface (API)

Question 12

A prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period

Answer 12

Advanced Persistent Threat (APT)

Question 13

The probability that a risk will occur in a particular year

Answer 13

Annualized Rate of Occurrence (ARO)

Question 14

Is a protocol or procedure that connects an ever-changing Internet Protocol (IP) address to a fixed physical machine address, also known as a media access control (MAC) address, in a local area network (LAN)

Answer 14

Address Resolution Protocol (ARP)

Question 15

A technique that is used to increase the difficulty of performing a buffer overflow attack that requires the attacker to know the location of an executable in memory

Answer 15

Address Space Layout Randomization (ASP)

Question 16

Enables web servers to dynamically generate webpages and create interactive web applications by using server-side scripting technology. The use of ASP pages with Microsoft Internet Information Services (IIS) is currently supported in all supported version

Answer 16

Active Server Pages (ASP)

Question 17

Is a guideline for classifying and describing cyberattacks and intrusions. It was created by the Mitre Corporation and released in 2013

Answer 17

Adversarial Tactics, Techniques and Common Knowledge (ATT&CK)

Question 18

A document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources

Answer 18

Acceptable Use Policy (AUP)

Question 19

Designed to detect and destroy computer viruses

Answer 19

Antivirus (AV)

Question 20

Is a Unix shell and command language used for scripting. It provides command-based programming to interpret and execute user commands

Answer 20

Bourne Again Shell (BASH)

Question 21

Created to help speed up the recovery of an organization filing a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime

Answer 21

Business Continuity Planning (BCP)

Question 22

A set of rules that determine the best network routes for data transmission on the internet. The internet consists of private, public, corporate, and government networks linked together through standardized protocols, devices and communication technologies

Answer 22

Border Gateway Protocol (BGP)

Question 23

Is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency

Answer 23

Business Impact Analysis (BIA)

Question 24

A program fixed and embedded on a device’s microprocessor that helps to initialize hardware operations and manage the data flow to and from the operating system (OS) at the time of bootup

Answer 24

Basic Input/Output System (BIOS)

Question 25

The message that are transmitted across LAN networks to enable switches to participate in Spanning Tree Protocol (STP) by gathering information about each other

Answer 25

Bridge Protocol Data Unit (BPDU)

Question 26

The trend of employees using personal devices to connect to their organizational networks and access work-related systems and potentially sensitive or confidential data

Answer 26

Bring Your Own Device (BYOD)

Question 27

Is a trusted entity that issues Secure Sockets Layer (SSL) certificates. These digital certificates are data files used to cryptographically link an entity with a public key

Answer 27

Certificate Authority (CA)

Question 28

Test designed to determine if an online user is really a human and not a bot

Answer 28

Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)

Question 29

Is basically an official document issued when an element of a plan hasn’t been implemented or executed properly. When any changes need to be made in the process, a corrective action report has to be prepared so that procedures are updates for future use

Answer 29

Corrective Action Report (CAR)

Question 30

Are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed

Answer 30

Cloud Access Security Broker

Question 31

Is a mode of operation for a block-cipher, one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block

Answer 31

Cipher Block Chaining (CBC)

Question 32

Is any course of instruction whose primary means of delivery is a computer

Answer 32

Computer Based Training (CBT)

Question 33

An encryption protocol based on the U.S. Federal government’s Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBD-MAC (CCM) mode of operation

Answer 33

Counter-Mode/CBC-MAC Protocol (CCMP)

Question 34

Is a group formed in 1998 by the U.S. Defense Advanced Research Projects Agency-and coordinated through Carnegie Mellon

Answer 34

Computer Emergency Response Team (CERT)

Question 35

Is an AES block cipher mode similar to the CBC mode in the sense that for the encryption of a block, Bi, the cipher of the previous block, Ci-1 is required

Answer 35

Cipher Feedback (CFB)

Question 36

Is an identity checking protocol that periodically re-authenticates the user during an online session. Properly implemented CHAP is replay attack resistant, and far more secure than the Password Authentication Protocol (PAP)

Answer 36

Challenge-Handshake Authentication Protocol (CHAP)

Question 37

Managing and successfully implementing the information and computer technology systems of a company

Answer 37

Chief Information Officer (CIO)

Question 38

Group of individuals usually consisting of Security Analysts organized to develop, recommend and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents

Answer 38

Computer Incident Response Team (CIRT)

Question 39

To develop, validate, and promote timely best practice solutions that help people, business and governments protect themselves against pervasive cyber threats

Answer 39

Center for Internet Security (CIS)

Question 40

Is software that helps users create, manage, and modify content on a website without the need for technical knowledge.

Answer 40

Content Management System (CMS)

Question 41

The worlds leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment

Answer 41

Cloud Security Alliance (CSA)

Question 42

Is a group of IT professionals that provides an organization with services and support surrounding the assessment, management and prevention of cybersecurity-related emergencies, as well as coordination of incident response efforts

Answer 42

Computer Security Incident Response Team (CSIRT)

Question 43

A third party company offering cloud-based platform, infrastructure, application or storage service.

Answer 43

Cloud Service Provider (CSP)

Question 44

Is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated With help of Social Engineering

Answer 44

Cross-Site Request Forgery (CSRF)

Question 45

A simple counter-based block cipher implementation Every time a counter initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block

Answer 45

Counter-Mode (CTM)

Question 46

Is a database of publicly disclosed information security issues

Answer 46

Common Vulnerabilities and Exposures (CVE)

Question 47

Is a free and open industry standard for assessing the severity of computer system security vulnerabilities

Answer 47

Common Vulnerabilities and Scoring System (CVSS)

Question 48

A hardware management model in which employees select a preferred device from a company-approved range of options

Answer 48

Choose your own Device (CYOD)

Question 49

Is the principle of restricting access to objects based on the identity of the subject (the user or group to which the user belongs)

Answer 49

Discretionary Access Control (DAC)

Question 50

Responsible for maintaining, securing, and operating databases and also ensures that data is correctly stored and returned

Answer 50

Database Administrator (DBA)

Question 51

A malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood or internal traffic

Answer 51

Distributed Denial-of-Service (DDoS)

Question 52

Helps protect you from executable code launching from places its not supposed to

Answer 52

Data Execution Prevention (DEP)