Security + Acronyms Flashcards
Need To Study 7,8
Which of the following answers refers to a unique 48-bit address assigned to every network adapter?
SSID, MAC or PIN ?
MAC (Media Access Control)
A unique 48-bit (6-byte) hardware identifier assigned to every network interfaces/ adapter.
Analogy: Like a fingerprint for your network card.
In older, non-UEFI based PCs, the first sector of a storage drive containing information about partitions and a piece of executable code used to load the installed OS is called:
MBR, GPT or GUID ?
MBR (Master Boot Record)
The first sector of a storage device that contains boot instructions and partition table.
Analogy: Like a table of contents and startup instructions for your hard drive.
In cloud computing, users on an on-premises network take advantage of a transit gateway to connect to:
VPC, VLAN or Wan ?
VPC (Virtual Private Cloud)
An isolated cloud computing environment within a public cloud.
Analogy: Like having a private office suite in a shared office building.
Which of the answers listed below refer to DSA? (Select 3 answers)
DSA (Digital Signature Algorithm)
A method used for digital signatures to verify authenticity. Like signing a contract electronically, used for generating and verifying digital signatures.
- Asymmetric algorithm
- Provides authentication, integrity, and non-repudiation
- Specifically designed for creating and verifying digital signatures
Which of the answers listed below describe(s) the characteristics of ECDSA? (Select all that apply)
ECDSA (Elliptic Curve Digital Signature Algorithm)
Based on elliptic curve cryptography Its a digital signature method that provides strong security with smaller keys. Like a compact but powerful lock, used for generating and verifying digital signatures.
- Provides authentication, integrity, and non-repudiation.
- Based on elliptic curve cryptography.
- Specifically designed for creating and verifying digital signatures.
- More computationally efficient than other signature algorithms
Which of the following answers refers to a deprecated stream cipher used in some legacy applications, such as WEP?
DES, RC4 or RSA
RC4 (Rivest Cipher 4)
A stream cipher (now considered insecure) once used in SSL/TLS and WEP.
Analogy: Like a broken lock that shouldn’t be used anymore.
Which of the answers listed below refers to a wireless network authentication protocol that enhances security by encapsulating the authentication process within an encrypted TLS tunnel?
PEAP, EAP or LEAP ?
PEAP (Protected Extensible Authentication Protocol)
Encapsulates EAP within a TLS tunnel for secure authentication. Analogy: Like having a private conversation inside a soundproof booth.
A type of metric used to evaluate the profitability of an investment by comparing the return generated from the investment relative to its cost is referred to as:
ROA, ROI or ROS ?
ROI (Return on Investment)
Measurement of the profitability of an investment. Analogy: Like calculating if the money you put into security is actually saving you money.
Which of the answers listed below refers to an identifier used for objects in a PKI, such as CAs, digital certificates, and public key algorithms?
OID, GUID or DN ?
OID (Object Identifier)
A unique string of numbers that identifies objects in computing. Analogy: Like a social security number for software components.
Which of the following answers refers to a solution designed to strengthen the security of session keys?
ECB, PFS or EFS?
PFS (Perfect Forward Secrecy)
Ensures session keys can’t be derived from long-term keys if compromised. Analogy: Like using disposable keys that self-destruct after each use.
Which of the answers listed below refers to a twisted-pair copper cabling type not surrounded by any shielding that would provide protection against interference from outside sources?
UTP, Twinax or STP ?
UTP (Unshielded Twisted Pair)
Common network cable type (e.g., Cat5e, Cat6). Analogy: Like the standard electrical wiring for your network.
Which of the following terms refers to a technology that enables real-time audio and video communication between individuals or groups?
VPC, VTC or VoIP ?
VTC (Video Teleconferencing)
Secure video communication systems. Analogy: Like a high-security boardroom meeting over video.
A dedicated data storage solution that combines multiple disk drive components into a single logical unit to increase volume size, performance, or reliability is known as:
SAN, RAID or JBOD ?
RAID (Redundant Array of Independent Disks)
Data storage virtualisation technology. Analogy: Like having multiple copies of your important files on different shelves.
Which of the answers listed below can be used to describe XSRF? (Select 3 answers)
XSRF (Cross-Site Request Forgery)
Attack that tricks users into executing unwanted actions. Analogy: Like someone forging your signature on a check while you’re logged in to your bank.
- Exploits the trust a website has in the user’s web browser.
- Website executes attacker’s requests.
- A user is tricked by an attacker into submitting unauthorised web requests.
Which of the following answers can be used to describe the characteristics of an XSS attack? (Select 3 answers)
XSS (Cross-Site Scripting)
Injection attack where malicious scripts are executed in web pages.
Analogy: Like someone slipping a poisoned note into a stack of papers you’re about to read.
- Exploits the trust a user’s web browser has in a website.
- A malicious script is injected into a trusted website.
- User’s browser executes attacker’s script.
Which of the answers listed below refers to an encoding method (and a file format) for storing cryptographic objects such as X.509 certificates, CRLs, and private keys?
FIM, PEM or PFS?
PEM (Privacy Enhanced Mail)
Base64 encoded format for certificates and keys. Analogy: Like a standardised envelope for sending digital security credentials.
Which of the following answers refers to a centralised server that is used to distribute cryptographic keys and authenticate users and services within a computer network?
PKI, KDC or RAS ?
KDC (Key Distribution Centre)
Part of Kerberos that authenticates users and issues tickets. Analogy: Like a passport office that issues travel documents after verifying your identity.
An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:
AGI, ML, LLM ?
ML (Machine Learning)
AI that improves automatically through experience. Analogy: Like a security guard that gets smarter the more threats they see.
Which data packet type is specifically used to detect and prevent network loops in Ethernet networks?
MTU, BPDU or Jumbo Frame ?
BPDU (Bridge Protocol Data Unit)
Messages exchanged in spanning tree protocol (STP) networks. Analogy: Like traffic signals between network bridges to prevent loops.
Which of the answers listed below refers to a key exchange protocol that generates temporary keys for each session, providing forward secrecy to protect past and future communications?
DHE, PFS or SHA ?
DHE (Diffie-Hellman Ephemeral)
Key exchange method that generates temporary session keys. Analogy: Like creating a secret handshake that changes every time you meet.
Which of the following terms refers to a method for managing infrastructure resources through scripts and templates?
IaaS, IaC or ML ?
IaC (Infrastructure as Code)
Managing and provisioning infrastructure through machine-readable files.
Analogy: Like writing a recipe to automatically build your network environment.
Which of the following answers refers to a cybersecurity framework that combines network and security functions into a single cloud-based service?
SASE, SOAR or SIEM ?
SASE (Secure Access Service Edge)
Converges network and security services into cloud-delivered platform.
Analogy: Like having a security checkpoint in the cloud for all your network traffic.
A process used by organizations to assess and evaluate the potential impact of disruptive incidents or disasters on their critical business functions and operations is referred to as:
BIA, BPA or BCP ?
BIA (Business Impact Analysis)
Process to determine potential effects of disruption to business functions. Analogy: Like a stress test for your business operations.
Which of the answers listed below refers to one of the last stages in SDLC?
UCD, UAT or AUT ?
UAT (User Acceptance Testing)
Final testing phase where end users verify the system. Analogy: Like a test drive before buying a new car.
Which cipher mode transforms a block cipher into a stream cipher enabling the encryption of individual bits or bytes of data?
ECB, CBC or CFB ?
CFB (Cipher Feedback)
Mode of operation for block ciphers that turns them into stream ciphers. Analogy: Like converting a safe into a continuous stream of mini-locks.
Which of the following answers refers to a deprecated encryption protocol?
SSH, SHA-256 or SSL ?
SSL (Secure Sockets Layer)
Deprecated predecessor to TLS for encrypted communications. Analogy: Like the old, less secure version of a secret conversation protocol.
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
API, DLL or EXE ?
DLL (Dynamic Link Library)
Shared library files in Windows used by multiple programs. Analogy: Like a shared toolbox that different programs can use.
A block cipher mode that combines a unique counter with encryption key to generate a stream of pseudorandom data blocks which are then used for encrypting data is called:
CFB, CTM or CBC ?
CTM (Counter Mode)
Block cipher mode that turns block ciphers into stream ciphers. Analogy: Like converting a vault into a flowing stream of small safes.
Which of the following combines a cryptographic hash function with a secret key to provide a means of verifying both the authenticity and integrity of a message or data?
MD5, HMAC or DSA ?
HMAC (Hash-based Message Authentication Code)
Combines cryptographic hash with secret key for message authentication. Analogy: Like a tamper-evident seal for your digital messages.
What is the fastest way for checking the validity of a digital certificate?
CRL, OSPF or OCSP?
OCSP (Online Certificate Status Protocol)
A real-time protocol that checks if a digital certificate has been revoked before it expires. Unlike static CRL lists, OCSP provides live validation. Analogy: A bouncer checking your ID’s validity with the DMV before letting you in.
Which of the terms listed below refers to a process of intercepting network traffic data for analysis and troubleshooting purposes?
AIS, EDR or PCAP ?
PCAP (Packet Capture)
The raw data collected from network traffic, often saved in .pcap files for analysis. Used for troubleshooting and security investigations. Analogy: A security camera recording all conversations in a building.
In a Kerberos-protected network, this type of secure token is granted to users during their initial login to enable them access to multiple network services without the need to re-enter their login information.
OTP, TGS or TGT ?
TGT (Ticket-Granting Ticket)
In Kerberos authentication, this is the initial credential that allows users to request access to specific services without re-entering credentials. Analogy: A festival wristband that lets you access all venues without showing your ticket each time.
Which of the following answers refers to a language primarily used for automating the assessment of security vulnerabilities and configuration issues on computer systems?
OVAL, SAML or XML ?
OVAL (Open Vulnerability and Assessment Language)
An XML-based standard used to define and detect system vulnerabilities, configurations, and patches across platforms. Analogy: A universal recipe for finding security flaws in any system.
A remote access authentication protocol used primarily in Microsoft networks that periodically re-authenticates client at random intervals to prevent session hijacking is known as:
PEAP, CHAP or MSCHAP ?
MSCHAP (Microsoft Challenge-Handshake Authentication Protocol)
An encrypted authentication method where the server challenges the client to prove identity without sending plaintext passwords. Analogy: A secret knock that proves you belong, without saying the password out loud.
Which of the acronyms listed below refers to a formal and legally binding document that specifies detailed terms, obligations, and responsibilities of all parties involved?
SOW, MOU or MOA ?
MOA (Memorandum of Agreement)
A formal but non-binding document outlining collaboration terms between parties. Less detailed than a contract but more structured than an MOU. Analogy: A written pinky promise between organizations.
Which of the following answers refers to CSRF?
CSRF (Cross-Site Request Forgery)
A type of malicious attack where unauthorised commands are transmitted from a user’s browser to a web application without their knowledge or consent, often leading to actions being taken on their behalf.
ARP provides:
FQDN-to-IP mapping, MAC-to-IP mapping or IP-to-MAC mapping ?
ARP (Address Resolution Protocol)
A network protocol that maps dynamic IP addresses to physical MAC addresses on a local network. Vulnerable to spoofing attacks. Analogy: A school attendance sheet matching names (IPs) to faces (MACs).
A set of procedures put in place to recover IT systems and data following a major disruption is called:
BIA, BCP or DRP ?
DRP (Disaster Recovery Plan)
A documented process to restore IT systems and data after catastrophic events like cyberattacks or natural disasters. Analogy: A fire escape plan for your digital infrastructure.
Which of the answers listed below refers to a network protocol used for synchronising clocks over a computer network?
VTP, RTP or NTP?
NTP (Network Time Protocol)
Synchronises clocks across networked devices to ensure accurate timestamps, critical for logging and security. Analogy: A conductor keeping all orchestra instruments in perfect time.
An integrated circuit combining components typically found in a standard computer system is referred to as:
SoC, BIOS or HSM ?
SoC (System on a Chip)
A microchip that integrates all components of a computer (CPU, RAM, storage) into a single unit. Common in IoT and mobile devices. Analogy: A Swiss Army knife of computing—everything in one compact tool.
Which of the answers listed below refers to a protocol used by routers, hosts, and network devices to generate error messages and troubleshoot problems with delivery of IP packets?
CCMP, ICMP or RSTP ?
ICMP (Internet Control Message Protocol)
A network protocol used by devices to send error messages and operational information (e.g., “ping” requests). Essential for network troubleshooting but can be abused in attacks.
Analogy: Like a walkie-talkie system that network devices used to say “I’m here!” or “This path is blocked!”
Which of the following terms refer to the characteristic features of DSL? (Select 3 answers)
DSL (Digital Subscriber Line)
Provides internet over traditional copper telephone lines, offering slower speeds than fiber but wider availability. Analogy: Delivering Netflix through old-school telephone wires.
- Copper cabling
- Telephone lines
- Last mile solutions
Which of the answers listed below refers to a mobile device deployment model that allows employees to use private mobile devices for accessing company’s restricted data and applications?
JBOD, BYOD or CYOD ?
BYOD (Bring Your Own Device)
A policy allowing employees to use personal devices for work, requiring strong security controls. Analogy: Letting workers use their own cars for deliveries—but requiring GPS and alarms.
What is the name of a U.S. government initiative providing a set of procedures and plans that an organisation can implement to ensure continued performance of its essential functions during unexpected events?
RPO, BCP, COOP ?
COOP (Continuity of Operations Plan)
Ensures essential functions continue during disruptions (like cyberattacks or disasters). Focuses on maintaining critical services.
Analogy: A backup generator for your most vital business operations.
Which of the following answers refers to a policy framework that allows domain owners to specify how email receivers should handle emails that fail authentication checks?
DKIM, SPF or DMARC ?
DMARC (Domain-based Message Authentication, Reporting & Conformance)
Email security protocol that uses SPF and DKIM to prevent spoofing. Tells receivers what to do with failed emails (quarantine/reject).
Analogy: A fraud-detection system for your email domain.
A cloud-based solution that provides ongoing oversight and supervision of IT assets and services is called:
PaaS, SaaS or MaaS ?
MaaS (Monitoring as a Service)
Cloud-based service that provides real-time monitoring of systems, networks, or applications.
Analogy: A 24/7 security guard you rent instead of hiring.
Which of the following terms is used to describe all aspects of software development?
SDLM, SDLC or PLC ?
SDLM (Software Development Lifecycle Management)
Tools and processes to oversee the entire software development process (planning to deployment).
Analogy: A project manager for building software from start to finish.
Which of the answers listed below refers to a markup language for exchanging authentication and authorisation data?
XML, SAML or XHTML ?
SAML (Security Assertion Markup Language)
XML-based standard for Single Sign-On (SSO). Allows secure authentication across systems.
Analogy: A universal passport for logging into multiple services.
What are the characteristic features of SAML? (Select 3 answers)
SAML (Security Assertion Markup Language)
XML-based standard for Single Sign-On (SSO). Allows secure authentication across systems.
Analogy: A universal passport for logging into multiple services.
- Handles both authentication and authorisation for SSO.
- Uses XML for data exchange.
- Commonly used in enterprise environments and legacy systems.
Which DNS TXT records are used for spam management? (Select 3 answers)
DMARC, DKIM and SPF
- DMARC (Domain-based Message Authentication, Reporting & Conformance)
Email security protocol that uses SPF and DKIM to prevent spoofing. Tells receivers what to do with failed emails (quarantine/reject).
Analogy: A fraud-detection system for your email domain.
- DKIM (DomainKeys Identified Mail)
A method for validating that an email was sent by an authorised sender and hasn’t been tampered with. It adds a digital signature to the email header, like a seal of authenticity.
- SPF (Sender Policy Framework)
A protocol that helps prevent email spoofing by verifying that the sender’s IP address is authorised to send emails for that domain. It’s like a guest list for your email server.
Which of the following terms can be used as a synonym for an aerial drone?
USV, UAP or UAV ?
UAV (Unmanned Aerial Vehicle)
A drone operated remotely or autonomously, used for surveillance, delivery, or reconnaissance. Think of it as a flying robot spy or courier.
A software development approach that aims for speedy application creation and continuous improvement through iterative development and user collaboration is referred to as:
FDD, DevOps or RAD ?
RAD (Rapid Application Development)
A software development methodology emphasizing quick prototypes and iterative updates.
Analogy: Building a car by quickly testing and improving each part.
Which of the protocols listed below is referred to as a connectionless, unreliable, or best-effort protocol?
MPLS, SMTP or UDP ?
UDP (User Datagram Protocol)
A fast but unreliable network protocol (no error-checking). Used for video streaming/gaming.
Analogy: Sending postcards without tracking, fast but no guarantee they arrive.
Which of the following answers refers to a software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables?
MDM, UEM or MAM ?
UEM (Unified Endpoint Management)
Manages all devices (laptops, phones, IoT) from one platform. Combines MDM and traditional IT tools.
Analogy: A universal remote control for every company device.
Which of the answers listed below refers to a technology that allows USB devices to act as both hosts and peripherals, enabling them to connect to and communicate with other USB devices directly without the need for a computer or dedicated host?
PnP, OTG or HCI?
OTG (On-The-Go)
USB standard allowing devices (like phones) to act as hosts for peripherals (keyboards, drives).
Analogy: Turning your phone into a mini-computer.
Which of the answers listed below refers to a set of procedures put in place to recover IT systems and data following a major disruption?
IRP, DRP or ERP ?
DRP (Disaster Recovery Plan)
Steps to restore systems/data after major incidents (cyberattacks, outages).
Analogy: A fire drill for your IT infrastructure.
Which of the following acronyms refers to a senior executive responsible for technology-related decision-making and planning?
CIO, CSO or CTO ?
CTO (Chief Technology Officer)
Executive overseeing tech strategy, innovation, and implementation in a company.
Analogy: The captain of the tech ship, steering innovation.
Which of the following acronyms refers to a document that authorises, initiates, and tracks the progress and completion of a particular job or task?
SOW, WO or MSA?
WO (Work Order)
A formal document that authorizes, initiates, and tracks the progress/completion of a specific job or task. It includes details like scope, timeline, and responsible parties. Think of it as a “to-do list with authority” for teams or contractors.
