SEC ACRONYMS

Question 1

3DES

Answer 1

-Triple Data Encryption Standard

a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block.

Question 2

AAA

Answer 2

-Authentication, authorization, and accounting

security framework that controls access to computer resources, enforces policies, and audits usage.

Question 3

ABAC

Answer 3

-Attribute-based access control

provides access to users based on who they are rather than what they do

Question 4

ACL

Answer 4

-Access-control list

list of permissions that dictate what a user has access to and what types of operations they are allowed to do with that access.

Question 5

AD

Answer 5

-Active Directory

a database and set of services that connect users with the network resources they need to get their work done

Question 6

AES

Answer 6

• Advanced Encryption Standard

symmetric block cipher chosen by the U.S. government to protect classified information
128-bit blocks

Question 7

AES256

Answer 7

• Advanced Encryption Standard 256

virtually impenetrable symmetric encryption algorithm that uses a 256-bit key to convert your plain text or data into a cipher.

Question 8

AH

Answer 8

-Authentication Header

provides a means to verify the source of an IP packet

Question 9

AIS

Answer 9

-Automated Indicator Sharing

enable real-time exchange of machine-readable cyber threat indicators and defensive measures between public and private-sector organizations.

Question 10

ALE

Answer 10

-Annualized Loss Expectancy

your yearly cost due to a risk

Question 11

API

Answer 11

-Advanced Persistent Threat

a set of programming code that allows two programs to talk to each other

Question 12

ARO

Answer 12

-Annualized Rate of Occurrence

The probability that a risk will occur in a particular year

Question 13

ARP

Answer 13

-Address Resolution Protocol

protocol that maps dynamic IP addresses to permanent physical machine addresses in a local area network (LAN).
(link layer address)

Question 14

ASLR

Answer 14

-Address Space Layout Randomization

memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.

Question 15

ASP

Answer 15

-Active Server Pages

enables web servers to dynamically generate webpages and create interactive web applications by using server-side scripting technology

Question 16

ATT&CK

Answer 16

-Adversarial Tactics, Techniques,
and Common Knowledge

guideline for classifying and describing cyberattacks and intrusions.
(It was created by the Mitre Corporation and released in 2013)

Question 17

AUP

Answer 17

-Acceptable Use Policy

practices users must agree to in order to use a network or other resource

Question 18

BASH

Answer 18

-Bourne Again Shell

free and enhanced version of the Bourne shell distributed with Linux and GNU operating systems.

Question 19

BCP

Answer 19

-Business Continuity Planning

establishes protocols and creates prevention and recovery systems in case of a cyber-attack or natural disaster

Question 20

BGP

Answer 20

-Border Gateway Protocol

most effective Internet protocol that enables routing, reachability and sharing data between autonomous systems (AS) on the Internet.

Question 21

BIA

Answer 21

-Business Impact Analysis

measures the severity of those threats and how they would affect business operations and finances

Question 22

BIOS

Answer 22

-Basic Input/Output System

a set of computer instructions in firmware which control input and output operations.

Question 23

BPA

Answer 23

-Business Partnership Agreement

establishes rules for two or more parties going into business together

Question 24

BPDU

Answer 24

-Bridge Protocol Data Unit

spanning tree protocol (STP) message unit that describes the attributes of a switch port such as its MAC address, priority and cost to reach.
BPDUs enable switches that participate in a spanning tree protocol to gather information about each other.

Question 25

BSSID

Answer 25

-Basic Service Set Identifier

the MAC (Media Access Control) physical address of the access point or wireless router that is used to connect to the WiFi.

Question 26

BYOD

Answer 26

-Bring Your Own Device

policy that enables employees in an organization to use their personally owned devices for work-related activities.

Question 27

CA

Answer 27

-Certificate Authority

entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.

Question 28

CAPTCHA

Answer 28

-Completely Automated Public Turing
Test to Tell Computers and Humans Apart

type of challenge–response test used in computing to determine whether the user is human in order to deter bot attacks and spam.

Question 29

CAR

Answer 29

-Corrective Action Report

a report which lists the defects (or defect) which need to be rectified or corrected.
The report outlines the remedial actions necessary to rectify whatever has gone wrong or will likely go wrong as per the current situation during the project.

Question 30

CASB

Answer 30

-Cloud Access Security Broker

on-premises or cloud-based security policy enforcement point between cloud service consumers and providers.

Question 31

CBC

Answer 31

-Cipher Block Chaining

the plaintext of a block is combined with the ciphertext of the previous block via an exclusive or (xor) operation, and the result is encrypted.
The result is the ciphertext of that block, and will also be used in the encryption of the following block.

Question 32

CBT

Answer 32

-Computer-based Training

a form of learning that utilizes computer technology and digital resources for delivering educational content.

Question 33

CCMP

Answer 33

-Counter-Mode/CBC-MAC Protocol

an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i
,.. amendment to the original IEEE 802.11 standard.

Question 34

CERT

Answer 34

-Computer Emergency Response Team

a group of information security experts responsible for the protection against, detection of and response to an organization’s cybersecurity incidents.